Skip to main content

How to restore a pending request in IIS 6.0 if it was deleted

To install a Web server certificate that lacks a pending certificate request:

1. Click Start >  point to Run >  type cmd > click OK.

2. Navigate to the directory where Certutil.exe is stored;  by default, this is %windir%\system32.

3. Type the following command at the command prompt: certutil -addstore my certnew.cer 


where certnew.cer is the name of the certificate you received from the certification authority (CA).


You should see the following message:


CertUtil: -addstore command completed successfully.

4. Navigate to the directory where you stored the certificate you received from the CA. Double click the saved certificate.

5. Click the Details tab and select <All> in the Show drop-down list.

6. In the Field list, select Thumbprint to display its value in the view pane.

7. Select the Thumbprint value in the view pane and then click CTRL+C.

8. Return to the command prompt window and type the following command: certutil -repairstore my "thumbprint"

where thumbprint is the value of the Thumbprint field. Be sure to type the double quotes as part of the command.


If the command is successful, the following message is displayed: "Encryption test passed CertUtil: = repairstore command completed successfully." 


Install the server certificate on your Web server.


IMPORTANT:



If the certutil command does not complete successfully, the following error message is displayed:


"Certutil: -repairstore command FAILED: 0x80090011 (-2146893807) Certutil: Object was not found."


This message indicates that the private key for the certificate does not exist in the certificate store. You cannot install the certificate you obtained from the CA. Instead, you must generate a new certificate request, obtain the new certificate, and install that new certificate on your Web server.

IIS stores the private key for a certificate as the pending request. Deleting the pending request deletes the association of the private key with IIS, but the private key still exists in the certificate store.


To install the certificate without having the pending request available, you can use version 5.2.3718.0 of the Certutil.exe command-line tool that is available through the Certificate Services MMC snap-in in Windows Server 2003.
Labels:

Popular posts from this blog

AD LDS – Syncronizing AD LDS with Active Directory

First, we will install the AD LDS Instance: 1. Create and AD LDS instance by clicking Start -> Administrative Tools -> Active Directory Lightweight Directory Services Setup Wizard. The Setup Wizard appears. 2. Click Next . The Setup Options dialog box appears. For the sake of this guide, a unique instance will be the primary focus. I will have a separate post regarding AD LDS replication at some point in the near future. 3. Select A unique instance . 4. Click Next and the Instance Name dialog box appears. The instance name will help you identify and differentiate it from other instances that you may have installed on the same end point. The instance name will be listed in the data directory for the instance as well as in the Add or Remove Programs snap-in. 5. Enter a unique instance name, for example IDG. 6. Click Next to display the Ports configuration dialog box. 7. Leave ports at their default values unless you have conflicts with the default values. 8. Click N...
Read more

DNS Scavenging.

                        DNS Scavenging is a great answer to a problem that has been nagging everyone since RFC 2136 came out way back in 1997.  Despite many clever methods of ensuring that clients and DHCP servers that perform dynamic updates clean up after themselves sometimes DNS can get messy.  Remember that old test server that you built two years ago that caught fire before it could be used?  Probably not.  DNS still remembers it though.  There are two big issues with DNS scavenging that seem to come up a lot: "I'm hitting this 'scavenge now' button like a snare drum and nothing is happening.  Why?" or "I woke up this morning, my DNS zones are nearly empty and Active Directory is sitting in a corner rocking back and forth crying.  What happened?" This post should help us figure out when the first issue will happen and completely av...
Read more

HOW TO EDIT THE BCD REGISTRY FILE

The BCD registry file controls which operating system installation starts and how long the boot manager waits before starting Windows. Basically, it’s like the Boot.ini file in earlier versions of Windows. If you need to edit it, the easiest way is to use the Startup And Recovery tool from within Vista. Just follow these steps: 1. Click Start. Right-click Computer, and then click Properties. 2. Click Advanced System Settings. 3. On the Advanced tab, under Startup and Recovery, click Settings. 4. Click the Default Operating System list, and edit other startup settings. Then, click OK. Same as Windows XP, right? But you’re probably not here because you couldn’t find that dialog box. You’re probably here because Windows Vista won’t start. In that case, you shouldn’t even worry about editing the BCD. Just run Startup Repair, and let the tool do what it’s supposed to. If you’re an advanced user, like an IT guy, you might want to edit the BCD file yourself. You can do this...
Read more