If you installed your SSL Certificate on your server, but the certificate doesn't have a private key associated with it, you can use the DigiCert® Certificate Utility for Windows to repair your certificate installation and make sure it's installed correctly for use in IIS, Exchange and other Windows server types.
This problem usually occurs when you install an SSL Certificate through the MMC Console to a Pending Request that was created elsewhere. You can use the DigiCert Utility to fix this problem, but only if the private key is on the server, and the server just doesn't have the private key and certificate associated together.
Private CA is a cost effective solution to improve the security and management of private intranet certificates while adhering to corporate and industry compliance standards. Avoid expirations—instantly issue, manage, and track your private intranet certificates by leveraging the visibility and alerts offered by the Managed PKI for SSL console. POST Order Private SSL; POST Order GeoTrust DV SSL; POST. If you ever lose a key, you'll need to revoke the lost key and generate a new one. API keys are generated and managed in your CertCentral account. To generate a new key. You're now ready to start using DigiCert CertCentral APIs. Your new API key is added to the list of keys on the.
On the Windows server where your SSL Certificate is located, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe) to the same directory/folder as the certificate.
Note: For this instruction, it is necessary for the certificate and utility to be located in the same directory/folder or else some of the steps may not work.
Run the DigiCert® Certificate Utility for Windows (double-click DigiCertUtil).
In the DigiCert Certificate Utility for Windows©, click SSL (gold lock), check to see if there is a Caution Sign next to your certificate.
If you see a Caution SignAuthorize net generate signature key. , select your SSL Certificate and read the warning message describing the issue.
Although your SSL Certificate was copied to your server, it wasn't installed. To fix this problem, simply install your certificate to try to pair it with its private key.
In the DigiCert Certificate Utility for Windows©, select your SSL Certificate and click Install Certificate.
After your certificate is installed, check the certificates status again.
If the Caution Sign is gone, close the utility and then configure the server to use the certificate for your website, to secure email connections, etc.
See Assign & Configure Server Software to Use the SSL Certificate. If you cannot find instructions for your platform on that page, see SSL Certificate Installation Instructions & Tutorials.
Please see DigiCert Certificate Utility: Repair Intermediate SSL Certificate Errors.
The certificate is installed on your server, but it's not paired with its private key. To try to fix this problem, use the utility to repair the certificate.
In the DigiCert Certificate Utility for Windows©, select your SSL Certificate and click Repair Certificate.
When you receive the 'Would you like to scan your computer for this certificate's private key and attach to it' message, click Yes.
If you receive the 'This certificate has been successfully repaired.' message, click OK and close the utility.
Congratulations, you have matched your certificate with its private key. You have successfully installed your SSL Certificate.
Note: If you received 'The private key for this certificate could not be found in the machine or current user key stores,' error, continue to the next section.
If you received this error message, the private key for your SSL Certificate is not on this server. Most likely, the CSR for your certificate was created on a different server.
On your server where you are trying to install the certificate, create a new CSR.
See CSR Creation Instructions for Microsoft Servers. If you prefer not to use the DigiCert Certificate Utility, see Create a CSR (Certificate Signing Request).
After you create your new CSR, log into your DigiCert account and reissue the certificate.
See Reissuing a DigiCert® SSL Certificate.
Install the rekeyed/reissued certificate on your server where you created the CSR.
See SSL Certificate Importing Instructions: DigiCert Certificate Utility. If you prefer not to use the DigiCert Utility, see SSL Certificate Installation Instructions & Tutorials.
Then, reconfigure the server to use the certificate for your website, to secure email connections, etc.
See Assign & Configure Server Software to Use the SSL Certificate. If you cannot find instructions for your platform on that page, see SSL Certificate Installation Instructions & Tutorials.