IIS and certificates

Laurent Guiochet 40 Reputation points
2024-01-30T07:43:47.03+00:00

Good evening, I work with a Windows 2012 R2 server and IIS. In IIS, I usually create a certificate request, which generates a CSR that I send to the authority. Then, as soon as I receive the certificate, I complete the previous request and install the certificate on the website. When I finish the request, the certificate does appear in the list, but it disappears immediately afterwards. I don't understand why, do you have any ideas? I've made a screen shot to show what's happening on https://www.dropbox.com/scl/fi/etattzg67ac6ijs8z7k5r/Install_Certificat.mov?rlkey=lchc4stxbp38lf39cjg1bld5p&dl=0

Windows development | Internet Information Services

1 answer

  1. Yurong Dai-MSFT 2,846 Reputation points Microsoft External Staff
    2024-01-31T05:21:13.5333333+00:00

    Hi @Laurent Guiochet,

    Many people may not realize that they perform the certificate process incorrectly when adding SSL to a public website. They'll download a certificate from an SSL certificate authority and not realize they've done it in the wrong order. They won't get any error messages, all that happens is that once you click on another section, the certificate in IIS disappears.

    The correct process is as follows:

    1. Create your CSR using IIS (many people are missing this part) and request the certificate on the public site using the IIS request code.
    2. On the server where the CSR was created, save the SSL certificate .cer file sent to you by the certification authority.
    3. Perform "Complete Certificate Request..." on the IIS "Server Certificates" page.
    4. Assign the SSL certificate in IIS and configure binding.

    This issue occurs because the imported certificate does not have an associated private key. For decryption to work correctly, the server obviously needs to have both the public and the private key.

    To resolve the problem, you need to create a PKCS #12 certificate file and then click the Import link in the Server Certificates window in IIS.

    To generate the needed PKCS #12 Certificate File using OpenSSL do the following:

    1. Download and install OpenSSL.

    2. Save the three portions of the certificate into three separate files (Note: The Intermediate Certificate is optional; if you were not supplied with one, just skip the steps involving it):

    • privatekey.txt – Copy and paste the contents of the private key including the begin and end lines.
    • certificate.txt – Copy and paste the contents of the Regular Certificate including the begin and end lines.
    • intermediate.txt – Copy and paste the contents of the Intermediate Certificate including the begin and end lines.

    3. Move the three files into the bin folder where you installed OpenSSL (default folder is C:\OpenSSL-Win32\bin).

    4. Open the command prompt and navigate to the bin folder where you installed OpenSSL.

    5. Enter the following line and press Enter (omit ‘-certfile intermediate.txt’ if you do not have an Intermediate Certificate):

    openssl pkcs12 -export -out certificate.pfx -inkey privatekey.txt -in certificate.txt -certfile intermediate.txt
    

    After the process completes, there will be a certificate.pfx file in the bin directory that can be used to import the certificate into the server's personal certificate store.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the email notification for this thread. Best regards, Yurong Dai
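
As an added example (not part of the answer above and not Microsoft's own code), this PowerShell checks for the symptom the answer describes, a certificate in the computer's Personal store with no associated private key, then imports certificate.pfx and confirms the key arrived with it. The folder path assumes the default OpenSSL location named in the answer; run it in an elevated session on the IIS server.

```powershell
# Added example; run in an elevated PowerShell session on the IIS server.
$ErrorActionPreference = 'Stop'

# Assumed paths: the default OpenSSL bin folder named in the answer.
$binDir  = 'C:\OpenSSL-Win32\bin'
$pfxPath = Join-Path $binDir 'certificate.pfx'
$store   = 'Cert:\LocalMachine\My'   # the computer's Personal store that IIS reads

# 1. Diagnose: list certificates that have no private key attached.
#    These are the ones that vanish from the IIS "Server Certificates" page.
Get-ChildItem $store |
    Where-Object { -not $_.HasPrivateKey } |
    Format-Table Subject, Thumbprint, NotAfter -AutoSize

# 2. Import the PFX. Without -Exportable the private key is stored as
#    non-exportable, so it cannot later be exported from the store with the key.
$password = Read-Host -Prompt 'PFX export password' -AsSecureString
$imported = Import-PfxCertificate -FilePath $pfxPath `
                                  -CertStoreLocation $store `
                                  -Password $password

# 3. Verify: re-read each imported certificate from the store and
#    stop if the private key is not attached.
foreach ($cert in @($imported)) {
    $inStore = Get-Item "$store\$($cert.Thumbprint)"
    if (-not $inStore.HasPrivateKey) {
        throw "Certificate $($cert.Thumbprint) was imported without a private key."
    }
    '{0} ({1}) has its private key.' -f $inStore.Subject, $inStore.Thumbprint
}

# 4. Clean up: the key material copied into the OpenSSL folder is no
#    longer needed there. -Confirm asks before each file is deleted.
Remove-Item -Path (Join-Path $binDir 'privatekey.txt'), $pfxPath -Confirm
```

Once step 3 reports the private key, the certificate stays listed under "Server Certificates" and can be selected in the site's HTTPS binding.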

