Wednesday, June 29, 2011

Disappearing SSL certificates from IIS 7.0 manager


“I install an SSL server certificate using the ‘Complete Certificate Request’ wizard in IIS manager and when I refresh the view the certificate disappears.”
I have heard that a couple of times, and every time I used to go “What?” until someone showed it to me.
If you are one of those who are wondering about this, read on.
The Server Certificates module in IIS manager displays a list of certificates from the Local Machine SSL store.
But it only lists the certificate if:
1. The certificate has a private key (.pfx format)
2. The certificate is meant for Server Authentication
And this is where the disappearing act occurs.
IIS Manager enumerates all the extensions of the certificate and checks whether OID 2.5.29.37 (Extended Key Usage) exists. If it does, the certificate's Enhanced Key Usage section must contain 1.3.6.1.5.5.7.3.1 (Server Authentication); otherwise the certificate is not listed.
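
The two listing conditions above, written as a PowerShell check you can run on the server to see which certificates would be hidden and why. This is an added example, not IIS Manager's own code; the store path `Cert:\LocalMachine\My` (the Local Machine Personal store) and the output column names are assumptions.

```powershell
# Added example: applies the two listing rules described above to each
# certificate in a store and reports why a certificate would not be shown.

# Assumption: the certificate was imported into the Local Machine Personal store.
$StorePath = 'Cert:\LocalMachine\My'

$EkuExtensionOid = '2.5.29.37'          # Extended (Enhanced) Key Usage extension
$ServerAuthOid   = '1.3.6.1.5.5.7.3.1'  # Server Authentication

Get-ChildItem -Path $StorePath | ForEach-Object {
    $cert = $_

    # Rule 2: the EKU check only applies when the extension is present.
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq $EkuExtensionOid }
    if ($null -eq $eku) {
        $ekuOk  = $true
        $usages = '(no EKU extension)'
    }
    else {
        $oids   = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $ekuOk  = $oids -contains $ServerAuthOid
        $usages = $oids -join ', '
    }

    # Collect every reason the certificate would fail the listing rules.
    $reasons = @()
    if (-not $cert.HasPrivateKey) { $reasons += 'no private key' }   # Rule 1
    if (-not $ekuOk)              { $reasons += 'EKU lacks Server Authentication' }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        EkuOids       = $usages
        WouldBeListed = ($reasons.Count -eq 0)
        Reason        = ($reasons -join '; ')
    }
} | Sort-Object WouldBeListed | Format-List
```

Certificates with `WouldBeListed : False` sort first; the `Reason` field shows which of the two conditions failed.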