How to Recreate A Broken SSL Certificate Private Key

By braniac

Occasionally an SSL certificate will become corrupt or be installed without a properly generated private key. When this happens, it will often no longer function with IIS or other web servers. Here is how to recreate the private key for the SSL certificate.

Things You'll Need

  • Administrative credentials to the server the certificate is on.
  • Knowledge of Windows Server Administration

Step 1

Log into the server with an administrative account. Choose Start, then choose Run... In the box, type mmc and click OK.

Step 2

In the MMC, go to File --> Add / Remove Snap-in... Click the Add button, choose Certificates and click Add.

Step 3

Select Computer Account, then Local Computer, and click Finish. Close the snap-in window and click OK.

Step 4

Navigate to the location of the certificate you need to repair. For a certificate you installed, the default location will be Personal --> Certificates.

Step 5

Double-click the certificate in the right-hand pane. In the general information, note that if a private key is already associated with the certificate, you will see a line of private key information at the bottom of the details (just above the issuer statement).

Step 6

Click on the Details tab.

Step 7

In the Details window, select Serial Number. Write down the serial number for the certificate that you wish to repair.

Step 8

Open a command prompt (Start --> Run --> CMD --> OK).

Step 9

From the command prompt, run:

certutil -repairstore my "SerialNumber"

where SerialNumber is the serial number for the certificate that you just wrote down. Hit Enter and you should receive a message stating the repair was successful.
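Steps 4 through 9 can also be scripted from an elevated PowerShell prompt. The following is an added example, not part of the original article: the function name Repair-CertificateKeyLink is hypothetical, the serial number is a placeholder, and the HasPrivateKey property is assumed to be an acceptable scripted stand-in for the visual check in Step 5.

```powershell
# Added example; Repair-CertificateKeyLink is a hypothetical helper name.
# Run from an elevated PowerShell prompt on the server that holds the certificate.
function Repair-CertificateKeyLink {
    param(
        [Parameter(Mandatory)]
        [string]$SerialNumber   # as shown on the Details tab; spaces are allowed
    )

    # The Details tab shows the serial with spaces; the certificate provider
    # exposes it as one continuous hex string, so normalise before comparing.
    $serial = ($SerialNumber -replace '\s', '').ToUpperInvariant()

    # "my" in certutil is the Personal store of the local computer (Step 4).
    $cert = @(Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.SerialNumber -eq $serial })

    if ($cert.Count -eq 0) {
        throw "No certificate with serial number $serial in LocalMachine\My."
    }
    if ($cert.Count -gt 1) {
        throw "More than one certificate matches serial number $serial."
    }

    # Step 5 check (assumption: HasPrivateKey mirrors what the General tab shows).
    # A certificate that already has its key is left alone, per the warning below.
    if ($cert[0].HasPrivateKey) {
        Write-Output "$($cert[0].Subject) already has a private key; nothing to repair."
        return
    }

    # Step 9: the same command the article gives.
    certutil -repairstore my $serial
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -repairstore failed with exit code $LASTEXITCODE."
    }

    # Re-read the store and confirm the key is now linked before touching IIS.
    $after = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.SerialNumber -eq $serial }
    if (-not $after.HasPrivateKey) {
        throw "certutil reported success but no private key is associated."
    }
    Write-Output "Private key is now associated with $($after.Subject)."
}

# Placeholder value: substitute the serial number written down in Step 7.
Repair-CertificateKeyLink -SerialNumber '<serial number from Step 7>'
```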

Tips & Warnings

  • Do not repair certificates that appear to be working. Be sure to have a reason for running the utility.