In Windows IIS, and Exchange systems you may receive the following error message when attempting the installation of a digital certificate.
“The pending certificate request for this response file was not found. This request may be canceled. You cannot install selected response certificate using this Wizard.”
“Cannot Find the certificate request that is associated with this certificate file. A certificate request must be completed on the computer where the request was created.”
This error message occurs due to one or a combination of the following:
- Its a glitch that can happen from time to time on IIS server 2008 series.
- The certificate file is formatted incorrectly or the wrong extension file is being used for the installation.
- The CSR for this certificate was never generated on this system.
A private key mismatch may occur if the private key in Microsoft IIS does not match the certificate you are installing.
The private key for this certificate has been corrupted, lost, or this is not the server on which the CSR was generated.
You used the previous CSR upon Renewal and did not generate a new one.
The wrong certificate file is being used for the installation.
- You updated your system and lost the request.
Resolutions for troubleshooting:
- Click Ok to acknowledge the error message, and Cancel out of the Complete Certificate Request Wizard.
- Hit F5 on your keyboard to refresh the IIS console. Your new certificate should appear in the Middle pane under Server Certificates. It might be missing a friendly name. If you see the new certificate in this pane it means that installation was successful.
If your certificate still does not appears then it can mean that either the CSR request was never created on this system, or your private key was damaged. Below are other methods of troubleshooting.
Method 3: Ensure you are using the correct server certificate.
Double check and make sure you are completing the certificate request with the correct server certificate. Do not attempt to complete the certificate request with your CSR or an Intermediate file. Only the serve certificate issued derived from the CSR you submitted will work.
- Double check and make sure you created the CSR on this system. If you don’t know then find the original system.
- Ensure that you do not delete the pending request on that Windows system. With IIS 6 (server 2003) systems that request can be easily deleted.
- Sometimes if a software update to the system was applied the request can be lost. Perform Method 5 of this article for resolution.
When you generate a CSR, this creates a private key that corresponds to the CSR file. A deleted request or a request that was never created on this system means no private key on that system which gives this error message when attempting to complete the certificate request.
Method 4.2: Dealing with Multiple systems.
If you are in a situation where you have multiple systems where the server certificate needs to be installed on you MUST find the original Windows System where the CSR was generated.
- Install the server certificate on that original system.
- If or after the server certificate has been installed on that original system you can then perform a backup/export of that server certificate with its private key and then migrate it to your other systems. Visit our Backup/Export How to move instructions page for a list of How to move instructions.
Method 5: Last resort – Missing SSL Private key in Windows Servers.
If you are absolutely positive that this is the correct system and all other Methods of troubleshooting have been reviewed then there might be a way to still fix this issue manually by performing the following article instructions Troubleshooting: Missing Private key in Windows Servers
Method 6: Start from scratch.
Sometimes the only way to resolve these type of things is to start from scratch by performing the following.
- Generate a new CSR from the needed system. Instructions if needed can be found here.
- Perform a replacement of the certificate with this new CSR. Contact your CA provider on how to perform this.
- After the new server certificate has been issued attempt installation once again. Instructions if needed can be found here.
Method 7: Contact Microsoft.
Microsoft is a straight forward system. If all of the above methods of troubleshooting have failed then you may have a technical issue with your actual system and will need to contact Microsoft for possibly resolutions.