Missing certificate in IIS binding (CertUtil and Private Keys)

Missing certificate is one of the common issues related to IIS binding settings. If you add a certificate to Server Certificates in IIS but you don’t see it in the binding window, there are two things to check first:

  • Check if the certificate you added to “Server Certificates” is the one you created a “Certificate Request” for. If you added a certificate that wasn’t requested in “Server Certificates”, it won’t show up in IIS binding window even though it appears in “Server Certificates” list
  • The most common cause of this issue the missing private key in the certificate. Follow the steps below to rebind the primary key to the certificate.

Solution for missing certificate in IIS binding

Check if the certificate has a private key:

  • Go to mmc and Add Certificates for Computer account
  • A “key image” should be on the certificate image. You can also check it by double clicking the certificate
Check certificate private key to solve missing certificate issue

If the certificate doesn’t have a private key, copy the Thumbprint of the certificate and run the command below.

certutil -repairstore my [thumbprint]

You should see CertUtil: -repairstore command completed successfully message. Close IIS Manager and open again. Check if the binding window shows the certificate now.

Certutil repairstore

If select the certificate successfully after these steps but it gets deleted or replaced later, check this post out: SSL Certificate Settings deleted for endpoint (Event ID 15300)

For generic troubleshooting steps about server side SSL issues, Microsoft has a comprehensive blog post.

Leave a Comment