• Fix the “No Private Key” Error Message


    This article will show you how to correct the “No Private Key” error message in Windows Internet Information Server (IIS).

    If you receive this error, it indicates that a previous attempt to import the certificate in IIS failed to include the private key.

    To correct this, you will:

    1. Import the certificate into the personal store using Microsoft Management Console (MMC)
    2. Capture the serial number for the certificate in question
    3. Run the certutil program to repair the store
    4. Export the corrected certificate
    5. And finally re-import the certificate via IIS.

    Importing the Certificate with MMC

    1. Open MMC on your computer (you can locate this program by typing “mmc” in your Windows search bar).

    2. Select “File > Add/Remove Snap-in” (or type Control-M). Select “Certificates” and click the Addbutton.

    3. Select “Computer account” and click Next

    …then direct the snap-in to manage the “Local computer” and click Finish.

    4. Click OK to add the snap-in.

    5. Next, navigate to the “Certificates (Local Computer) > Personal > Certificates” folder.

    6. Right-click the folder and select “All tasks > Import” from the menu to open the Certificate Import Wizard.

    7. In the Import Wizard, make sure “Local Machine” is selected and hit Next.

    8. Locate and designate the target certificate (it should be in the .p7b format), then press Next.

    9. Set the wizard to place the imported certificates in the “Personal” store. Hit Next to proceed.

    10. Check the settings, then click Finish to import the certificate.


    Capture the Serial Number

    11. Right-click and open the certificate, then select the “Details” tab to find and capture the serial number.



    Run the certutil Program

    12. In order to perform the next step, you will need to open a command line session with administrator privileges. The most straightforward way to do this is to perform a search for “cmd”, then right-click the cmd icon and select “Run as administrator”. (Choose “Yes” if asked if you wish to allow this program to make changes on the computer.)

    13. At the command line, enter the following command, using your captured serial number:

    certutil -repairstore my "PLACE_SERIAL_NUMBER_HERE"

    Make certain and place the serial number between the quote marks as shown.

    14. If successful, this command will return some information about the certificate and a confirmation message.

    15. Close the command session and refresh MMC.


    Export the Corrected Certificate

    16. Right-click the certificate and select “All tasks > Export” to open the Certificate Export Wizard.

    17. After clicking through the Wizard’s welcome page, make sure that the option is set to “Yes, export the private key” and click Next.

    18. Choose the format for the exported certificate (here, a PKCS # 12 -encoded, or .PFX file). Make sure to check the boxes to include all certificates in the path and to export all extended properties, then click Next.

    19. You will be prompted for a password to protect this certificate bundle (a good idea, since it incorporates your private key). Create and confirm your password, then click Next.

    20.  Select the name and location of the file you are exporting. You may browse to a location you prefer – make sure to save the file with the .pfx extension.

    Note: Including the date is a good way to differentiate this certificate file from other ones.

    21. Review the information. If this all looks correct, click Finish.

    You will receive confirmation that the export was successful.



    Re-importing the Certificate with IIS

    You will now have a file you can re-import via IIS without throwing the “No Private Key” error. SSL.com has general instructions on how to do this in a separate article here. For our purposes, just remember to choose “Import” instead of “Complete Certificate Request” when processing this certificate and to enter the password when prompted.


    Remember also to set the Type to “https” and the Port to “443” (unless otherwise instructed by your network administrator) when binding the certificate to the site.

  • 相关阅读:
    一个高级的makefile文件
    poj3616题(动态规划),看了别人的提示,自己又写了一遍
    浅谈C++ IO标准库(1)
    https证书安装踩坑
    一个简单通知服务的开发和搭建
    WCF学习笔记
    线程(Thread)、线程池(ThreadPool)技术
    BackgroundWorker与线程使用
    使用ITextSharp生成PDF文件心得
    值类型与引用类型
  • 原文地址:https://www.cnblogs.com/zhangpengc/p/4903176.html
Copyright © 2020-2023  润新知