SSL Private Key Recovery

To assign the existing private key to a new certificate, you must use the Microsoft Windows Server 2003 version of Certutil.exe. To do this, follow these steps:

  1. Log on to the computer that issued the certificate request by using an account that has administrative permissions.
  2. Click Start, click Run, type mmc, and then click OK.
  3. On the File menu, click Add/Remove Snap-in.
  4. In the Add/Remove Snap-in dialog box, click Add.
  5. Click Certificates, and then click Add.
  6. In the Certificates snap-in dialog box, click Computer account, and then click Next.
  7. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
  8. Click Close, and then click OK.
  9. In the Certificates snap-in, expand Certificates, right-click the Personal folder, point to All Tasks, and then click Import.
  10. On the Welcome to the Certificate Import Wizard page, click Next.
  11. On the File to Import page, click Browse.
  12. In the Open dialog box, click the new certificate, click Open, and then click Next.
  13. On the Certificate Store page, click Place all certificates in the following store, and then click Browse.
  14. In the Select Certificate Store dialog box, click Personal, click OK, click Next, and then click Finish.
  15. In the Certificates snap-in, double-click the imported certificate that is in the Personal folder.
  16. In the Certificate dialog box, click the Details tab.
  17. Click Serial Number in the Field column of the Details tab, highlight the serial number, and then write down the serial number.
  18. Click Start, click Run, type cmd, and then click OK.
  19. At the command prompt, type the following:
    certutil -repairstore my "SerialNumber"

    SerialNumber is the serial number that you wrote down in step 17.

  20. In the Certificates snap-in, right-click Certificates, and then click Refresh.

    The certificate now has an associated private key.

You can now use the IIS MMC to assign the recovered keyset (certificate) to the Web site that you want.
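
Steps 9 to 20 can also be run as a script that confirms the result instead of relying on the key icon. This is an added example, not part of the original procedure; it assumes PowerShell is available on the server, and the certificate path is a placeholder.

```powershell
# Added example: scripted equivalent of steps 9-20. Run from an elevated prompt
# on the computer that issued the certificate request (step 1).
param(
    [string]$CertPath = 'C:\certs\new-certificate.cer'   # placeholder path (assumption)
)

$ErrorActionPreference = 'Stop'

# Load the new certificate from disk and show what is about to be imported.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
Write-Host "Subject:    $($cert.Subject)"
Write-Host "Serial:     $($cert.SerialNumber)"   # same value as the Details tab (step 17)
Write-Host "Thumbprint: $($cert.Thumbprint)"

# Steps 9-14: add the certificate to the Local Computer "Personal" (My) store.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'My', 'LocalMachine'
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try { $store.Add($cert) } finally { $store.Close() }

# Helper: does the copy in the store have a private key associated with it?
function Test-HasPrivateKey([string]$Thumbprint) {
    $c = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
    return [bool]($c -and $c.HasPrivateKey)
}

if (Test-HasPrivateKey $cert.Thumbprint) {
    Write-Host 'Certificate already has a private key; nothing to repair.'
    return
}

# Step 19: ask certutil to re-associate the existing private key by serial number.
& certutil.exe -repairstore my $cert.SerialNumber
if ($LASTEXITCODE -ne 0) {
    throw "certutil -repairstore failed with exit code $LASTEXITCODE"
}

# Step 20 equivalent: verify the association programmatically.
if (-not (Test-HasPrivateKey $cert.Thumbprint)) {
    throw 'Certificate still has no private key after repair; the matching key may not exist on this computer.'
}
Write-Host 'Private key associated; the certificate can now be assigned in IIS.'
```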

Note: Follow these steps only if you are running Windows Server 2008.

  1. Open MMC (Microsoft Management Console) to the Certificate Manager for the Local Computer account. (Certificates Snap In)
  2. Look in the Personal section of the Certificate Manager and there should be icon(s) without a little golden key. (Those with the key have the private key bonded to them.)
  3. Delete the icons without the golden key.
  4. Go back to the EMS (Exchange Management Shell).
  5. Run Import-ExchangeCertificate and Enable-ExchangeCertificate in one line, like so:
    Import-ExchangeCertificate -Path c:\exchange.networking4all.com.crt | Enable-ExchangeCertificate -Services "SMTP, IMAP, IIS, POP"

    *** Please modify the command according to your needs. ***
  6. Everything should work fine from here; if it does not, please contact Microsoft.
