This error message is created because of one or a combination of the following:
- The credential file is wrongly formatted or the installation uses the wrong extension file.
In this method, the CSR for this credential was never produced.
- When the private key in Microsoft IIS does not fit the certificate you are downloading, a private key mismatch can occur.
- This certificate’s private key has been compromised, destroyed or is not the server on which the CSR was developed.
- For download, an inappropriate certificate file is used.
- You’ve changed your system and missed your submission.
The credential file is wrongly formatted or the installation uses the wrong extension file.
Using Vi or Notepad to copy and paste the certificate into a document (save as .txt) format. Do not use Microsoft Word or other character-adding word processing applications. Confirm that the file does not contain any additional lines or spaces. You have to have a text file which looks like:
— – BEGIN CERTIFICATE — –
— – END CERTIFICATE — –
Be sure that each side of the BEGIN CERTIFICATE and END CERTIFICATE has 5 dashes and that no white space, extra line breaks or supplementary characters have been inserted accidentally.
Double check to make sure that on this device you built the CSR. Then find the original method, if you don’t remember.
Make sure that on the Windows system, you do not uninstall the pending order. Requesting structures can be quickly removed with IIS 6 (server 2003).
The request will also be missed if a software upgrade has been added to the device.
After doing the following, troubleshoot the missed pending request or missing private key.
Step 1: Build a Certificate Management MMC Snap-in on a Windows server system:
- Starting? >? Hey, run? >? Uh. MMC.
- Go to the Tab Console >? File file >? Snap-in Add / Delete
Only click? Add > You click? Certificates and then click? Add.
Oh, choose? Computer Account > Forthcoming.
Oh, choose? Local Computer > Terminate.
- Close it? Add a standalone window snap-in.
- Only click? OK? OK? All right? At the house? Browser Add / Remove Snap-in.
- You will be taken straight to the management console to see the snap-in.
Step 2: Import your credential from SSL:
Expand to Certificates > Personal > Certificates (Local Computer)
- Right-click the Certificates button and pick All Activities > Import.
- The Certificate Import Wizard emerges, and the next click appears.
- Specify your SSL certificate ‘s location and route by pressing Browse …
Only click Next.
- Note:-You can need to change the file form you’re searching for from the drop-down menu to All to navigate to your certificate in the open browser.
- Only click Next.
- Select Terminate.
- You should receive a “Import has been successful” alert. Click Yes.
- In the centre of the Personal Certificates, you can see the new certificate emerge with an icon that has a little key on it.
- Double-click to double-check the certificate. If your certificate says, “You have a private key matching this certificate.” This means that your SSL certificate has been able to marry the private key and is now ready to connect to its facilities, export, etc …
- Only press OK.
- If a private key associated with your credential is still not available, then execute the following last resort troubleshooting tactics:
- Double-click your SSL Certificate with your SSL Certificate already imported to MMC.
- Click the Specifics tab on the certificate information window that opens, scroll down and select the Thumbprint field from the list.
- In the box below, the thumbprint appears; pick the thumbprint and copy it to the clipboard (click somewhere in the box, then press Ctrl+A followed by Ctrl+C on the keyboard).
- Open a Command Prompt (CMD) and run it as an administrator, and then run the command below.
- Certutil -repairstore my “< thumbprint >”
- Note: If you right-click on CMD, you will be able to paste the copied thumbprint between quotes using the paste feature.
- The command needs to be equivalent to:
’00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f’ certutil-repairstore’
- Note: If the Question Mark is visible? Remove it in the foreground of your thumbprint.
If the order completes successfully, you can see a lot of details that appears at the bottom with the following message:
- CertUtil: -repairstore order, successfully executed.
- Double-check the MMC certificate by double-clicking it. If your certificate says, “You have a private key that fits this certificate.” This means that your SSL certificate has been able to fit the private key and is now ready to connect to its facilities, to export, etc …
- Note: If your imported SSL certificate does not state that you have a private key, your private key has either been compromised or has never been created by this method. You would need to start creating a new CSR from scratch > Perform SSL Certificate Reissue > and then perform SSL Certificate Installation.
To refresh the Exchange or IIS application, you can now go back to Exchange or IIS and click F5 on your keyboard. Now that it has a private key, the new credential should show. This means that you can now delegate and attach the resources to your websites.