How to Recreate A Broken SSL Certificate Private Key

Occasionally an SSL certificate becomes corrupt or is installed without a properly generated private key. When this happens, it will often no longer work with IIS or other web servers. Here is how to recreate the private key for the SSL certificate.

Step

Log into the server with an administrative account. Choose Start, then Run... In the box, type mmc and click OK.

Step

In the MMC, go to File --> Add / Remove Snap-in... Click the Add button, choose Certificates and click Add.

Step

Select Computer Account, then Local Computer, and click Finish. Close the snap-in window and click OK.

Step

Navigate to the location of the certificate you need to repair.
For a certificate you installed, the default location will be Personal --> Certificates.

Step

Double-click the certificate in the right-hand pane. In the general information, note that if a private key is already associated with the certificate, you will see a private key notice at the bottom of the details (just above the issuer statement).

Step

Click on the Details tab.

Step

In the Details window, select Serial Number. Write down the serial number for the certificate that you wish to repair.

Step

Open a command prompt (Start --> Run --> CMD --> OK).

Step

From the command prompt run: certutil -repairstore my "SerialNumber"

Step

Replace SerialNumber with the serial number of the certificate that you just wrote down. Press Enter and you should receive a message stating that the repair was successful.
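
The same procedure as a script, for servers where you would rather not click through the MMC. This is an added example, not part of the original article. It looks up the certificate in the Local Computer Personal store, reads its serial number, runs the certutil command from the step above, and then confirms that a private key is now associated. The $SubjectMatch parameter is a hypothetical name chosen for this example.

```powershell
# Added example: scripted form of the MMC + certutil steps above.
# Run from an elevated PowerShell prompt on the affected server.
param(
    # Hypothetical parameter: text to look for in the certificate subject,
    # for example the host name the certificate was issued to.
    [Parameter(Mandatory = $true)]
    [string]$SubjectMatch
)

# "Local Computer --> Personal --> Certificates" in the MMC is this store path.
$storePath = 'Cert:\LocalMachine\My'

$found = @(Get-ChildItem -Path $storePath |
    Where-Object { $_.Subject -like "*$SubjectMatch*" })

if ($found.Count -eq 0) {
    Write-Error "No certificate in $storePath has a subject matching '$SubjectMatch'."
    exit 1
}

foreach ($cert in $found) {
    Write-Host "Subject:    $($cert.Subject)"
    Write-Host "Serial:     $($cert.SerialNumber)"
    Write-Host "Thumbprint: $($cert.Thumbprint)"

    # Same information as the private key notice on the certificate dialog.
    if ($cert.HasPrivateKey) {
        Write-Host "A private key is already associated; nothing to repair."
        continue
    }

    # The command from the article, with the serial number filled in.
    & certutil.exe -repairstore my $cert.SerialNumber
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "certutil exited with code $LASTEXITCODE for serial $($cert.SerialNumber)."
        continue
    }

    # Re-read the certificate from the store to confirm the repair took effect.
    $after = Get-Item -Path (Join-Path $storePath $cert.Thumbprint)
    if ($after.HasPrivateKey) {
        Write-Host "Repair succeeded: the certificate now has a private key."
    } else {
        Write-Warning "certutil reported success, but no private key is associated."
    }
}
```

certutil can only re-associate a key that still exists in a key container on this machine. If the key pair was never generated on this server, the final check will still report no private key.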