
Fixing a https Cert in Windows

I renewed an HTTPS cert today in Windows and had problems with the new cert sticking in Windows.

It would add fine, without error, but would disappear when the IIS Server Certificates screen would refresh. 


Opening Certificates in MMC (Local Machine) and inspecting Web Hosting gave a clue: the new certificate was there, but without a key; the private key was missing.


Could be because the original certificate was created on a completely different machine and imported to this new server. 

At any rate, a simple certutil command fixed it.


A tip I received from "SSL disappears from the certificate list on Windows server" (SSL Certificates, Namecheap.com).

Key steps are: 

  1. Double-click the certificate and go to the Details tab.
  2. In the certificate details, locate the Serial Number field, click on it and copy its value.
  3. Open Command Prompt by pressing Win+R, typing cmd, then clicking OK.
  4. In the command prompt, type the following, using the serial number copied in step 2:

    certutil -repairstore my Serial_number

I actually typed:

    certutil -repairstore webhosting serialnumber

I had to replace my with webhosting, which leads to another tip: getting the command-line names of the certificate stores.

This is achieved with the following:
PS C:\Users\Administrator> ls Cert:\LocalMachine

Name : TrustedPublisher
Name : ClientAuthIssuer
Name : Remote Desktop
Name : Root
Name : TrustedDevices
Name : WebHosting
Name : CA
Name : Windows Live ID Token Issuer
Name : REQUEST
Name : AuthRoot
Name : FlightRoot
Name : TrustedPeople
Name : addressbook
Name : My
Name : SmartCardRoot
Name : Trust
Name : Disallowed
Name : WindowsServerUpdateServices
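
The two tips above combined into one check, as an added example that is not part of the original post: it lists every certificate in a chosen Local Machine store that has no linked private key and prints the matching certutil command with the serial number filled in. The parameter names -StoreName and -Repair are made up for this sketch; it assumes an elevated PowerShell session.

```powershell
# Added example, not from the original post. Save as a .ps1 file and run elevated.
# -StoreName and -Repair are parameter names chosen for this sketch.
param(
    [string]$StoreName = 'WebHosting',  # a name from: ls Cert:\LocalMachine
    [switch]$Repair                     # run certutil; default is report only
)

$storePath = "Cert:\LocalMachine\$StoreName"
if (-not (Test-Path $storePath)) {
    throw "No store named '$StoreName'. List names with: ls Cert:\LocalMachine"
}

# Certificates in a server store that Windows cannot link to a private key.
$orphans = @(Get-ChildItem $storePath | Where-Object { -not $_.HasPrivateKey })
if ($orphans.Count -eq 0) {
    Write-Output "Every certificate in $StoreName has a private key."
    return
}

foreach ($cert in $orphans) {
    Write-Output ("Missing key: {0} (expires {1:yyyy-MM-dd})" -f $cert.Subject, $cert.NotAfter)
    Write-Output ("  certutil -repairstore {0} {1}" -f $StoreName, $cert.SerialNumber)

    if ($Repair) {
        & certutil.exe -repairstore $StoreName $cert.SerialNumber
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "certutil exited with code $LASTEXITCODE for $($cert.Thumbprint)"
            continue
        }
        # Re-read the certificate from the store to confirm the key is now linked.
        $after = Get-ChildItem $storePath |
            Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
        if ($after.HasPrivateKey) {
            Write-Output "  Repaired: private key is now associated."
        } else {
            Write-Warning "Still no private key for $($cert.Thumbprint)."
        }
    }
}
```

certutil -repairstore can only re-link a private key that already exists on this machine. If the key pair lives only on the machine where the certificate request was generated, export a PFX there and import that instead.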
