Monday, April 13, 2009

SSL Diagnostics

Today I was updating the SSL certificate on one of the web sites. I don't do this very often and this time got into a problem. After I deleted the old certificate and installed the new one I could not get the HTTPS URLs to work on the client machine. Firefox just could not connect to the secured https pages without giving many specifics why. I checked and double-checked the certificate installation and it all seemed to be installed fine, including the whole chain up to the root certificates.

I spent some time searching online and found a quite useful tool, SSL Diagnostics. This tool gave me a little more useful information on the problem. In the output there was a warning: "#WARNING: You DON'T have a private key that corresponds to this certificate". It looked like either a problem with the supplied certificate or with the association between the newly installed certificate and the private key.


Here is the final piece that helped to solve the problem: http://support.microsoft.com/?kbid=889651 .

"When you delete a certificate on a computer that is running any one of the following versions of Microsoft Internet Information Services (IIS), the corresponding private key is not deleted..."
"To assign the existing private key to a new certificate, you must use the Microsoft Windows Server 2003 version of Certutil.exe"

"
1. In the Certificate dialog box, click the Details tab.
2. Click Serial Number in the Field column of the Details tab, highlight the serial number, and then write down the serial number.
3. Click Start, click Run, type cmd, and then click OK.
4. At the command prompt, type the following:

   certutil -repairstore my "SerialNumber"

   SerialNumber is the serial number that you wrote down in step 17.
5. In the Certificates snap-in, right-click Certificates, and then click Refresh.

The certificate now has an associated private key."
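The same repair can be scripted so the check SSL Diagnostics made by hand (is there a private key behind this certificate?) is done for every certificate of the site before and after running certutil. The script below is an added example and is not from the blog post or the Microsoft KB article; it assumes an elevated PowerShell session on the IIS host, and the subject filter "www.example.com" and the -Repair switch are placeholders of this example, not names from the original.

```powershell
# Added example (not from the blog post or the KB article): report
# certificates in the Local Computer "Personal" (My) store whose private
# key association is missing and, on request, re-attach the key with
# certutil -repairstore, then re-read the store to confirm the repair.
# Assumes an elevated PowerShell session on the IIS host. The subject
# filter below is a placeholder; replace it with the site's real CN.
param(
    [string]$SubjectFilter = 'www.example.com',   # placeholder CN to look for
    [switch]$Repair                               # without -Repair, report only
)

# IIS binds server certificates from the machine's personal store.
$certs = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$SubjectFilter*" }

if (-not $certs) {
    Write-Warning "No certificate matching '$SubjectFilter' found in Cert:\LocalMachine\My"
    return
}

foreach ($cert in $certs) {
    # HasPrivateKey is the condition SSL Diagnostics warned about: the
    # public certificate is present but Windows has no key linked to it.
    Write-Host ("{0}  serial={1}  expires={2:yyyy-MM-dd}  hasPrivateKey={3}" -f
        $cert.Subject, $cert.SerialNumber, $cert.NotAfter, $cert.HasPrivateKey)

    if ($cert.HasPrivateKey) { continue }

    if (-not $Repair) {
        # Dry run: show the exact command the KB article has you type by hand.
        Write-Host "  -> would run: certutil -repairstore my `"$($cert.SerialNumber)`""
        continue
    }

    # certutil looks for a key container whose public half matches this
    # certificate and writes the link back into the store entry.
    & certutil.exe -repairstore my "$($cert.SerialNumber)"
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "  certutil -repairstore failed (exit $LASTEXITCODE); the key container may be gone, not just unlinked"
        continue
    }

    # Re-read the store entry instead of trusting certutil's exit code.
    $after = Get-Item -Path "Cert:\LocalMachine\My\$($cert.Thumbprint)"
    if ($after.HasPrivateKey) {
        Write-Host "  repaired: private key is now associated"
    } else {
        Write-Warning "  certutil reported success but HasPrivateKey is still false"
    }
}
```

Run it without arguments first: it only lists the matching certificates and prints the certutil command it would run, which is the equivalent of the "Refresh and look at the icon" check in the KB steps. Add -Repair to actually run certutil. Note that -repairstore can only relink a key container that still exists on the machine; if the key itself was deleted rather than just unlinked, the exit code will be non-zero and a new key pair and certificate request are needed.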
