
Missing certificate in IIS binding (CertUtil and Private Keys)

A missing certificate is one of the common issues related to IIS binding settings. If you add a certificate to Server Certificates in IIS but you don’t see it in the binding window, there are two things to check first:

  • Check if the certificate you added to “Server Certificates” is the one you created a “Certificate Request” for. If you added a certificate that wasn’t requested in “Server Certificates”, it won’t show up in the IIS binding window even though it appears in the “Server Certificates” list.
  • The most common cause of this issue is a missing private key in the certificate. Follow the steps below to rebind the private key to the certificate.

Solution for missing certificate in IIS binding

Check if the certificate has a private key:

  • Open mmc and add the Certificates snap-in for the Computer account
  • The certificate icon should have a small key image on it. You can also check by double-clicking the certificate

If the certificate doesn’t have a private key, copy the Thumbprint of the certificate and run the command below.

certutil -repairstore my [thumbprint]

You should see the message “CertUtil: -repairstore command completed successfully”. Close IIS Manager and open it again. Check if the binding window shows the certificate now.
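The same check and repair can be scripted. The following PowerShell is an added example, not part of the original post; it assumes the certificate is in the Local Computer “Personal” (my) store, as in the steps above, and takes the thumbprint as a parameter.

```powershell
param(
    [Parameter(Mandatory)]
    [string]$Thumbprint
)

# Thumbprints copied from the certificate dialog can carry spaces or
# invisible characters; keep hex digits only.
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

# List every certificate in the Local Computer "Personal" store with its
# private-key status. This is the scripted form of the MMC key-icon check.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey |
    Format-Table -AutoSize

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb
if (-not $cert) {
    Write-Error "No certificate with thumbprint '$thumb' in LocalMachine\My."
    return
}

if ($cert.HasPrivateKey) {
    Write-Output "Private key is already associated; no repair needed."
    return
}

# Same command as in the step above. It writes to the machine store,
# so run this script from an elevated prompt.
certutil -repairstore my $thumb
if ($LASTEXITCODE -ne 0) {
    Write-Error "certutil -repairstore failed with exit code $LASTEXITCODE."
    return
}

# Re-read the certificate from the store to confirm the key is now linked.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb
Write-Output ("HasPrivateKey after repair: {0}" -f $cert.HasPrivateKey)
```

If the last line still reports False, the matching private key is not on this machine and the certificate has to be re-imported together with its key.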


If you select the certificate successfully after these steps but it gets deleted or replaced later, check this post out: SSL Certificate Settings deleted for endpoint (Event ID 15300)

For generic troubleshooting steps about server side SSL issues, Microsoft has a comprehensive blog post.

Ned Sahin


3 thoughts on “Missing certificate in IIS binding (CertUtil and Private Keys)”

  1. Found the Thumbprint. Ran below from Admin prompt and got an error.

    certutil -repairstore my 9285b4ab0bc281b5b006558704bc1a3a0a368379
    my “Personal”
    ================ Certificate 2 ================
    Serial Number: 752ce4600b71a9faef7a1d574c3e9d49591c9127
    Issuer: CN=localhost
    NotBefore: 10/20/2021 8:19 AM
    NotAfter: 11/19/2021 8:19 AM
    Subject: CN=localhost
    Signature matches Public Key
    Root Certificate: Subject matches Issuer
    Cert Hash(sha1): 9285b4ab0bc281b5b006558704bc1a3a0a368379
    No key provider information
    Cannot find the certificate and private key for decryption.
    CertUtil: -repairstore command FAILED: 0x80090010 (-2146893808 NTE_PERM)
    CertUtil: Access denied.
