Binding the Private Key to an SSL Certificate


You've installed an SSL certificate on a Windows server, but the certificate is not associated to its private key.


You can tell an SSL certificate is not associated to its private key in two places.

(1) In Certificate Management, the icon for the certificate is missing the "key" in the upper left corner.

(2) In the properties for the certificate (seen when double-clicking either the certificate), the "You have a private key that corresponds to this certificate." is missing.


  1. Open the Certificate Console. See this article for details how.
  2. Double-click the certificate and get the thumbprint of the certificate.
  3. Issue the following command on the server: certutil -repairstore my "thumbprint"
  4. When you see the response: "CertUtil: -repairstore command completed successfully" you should have a private key associated. NOTE: You may have to refresh the Microsoft Management Console window to see the private key on the certificate.
  5. The certificate should now be available for use.

Screen Shots

Certificate Management

Certificate Management

Certificate Properties

Certificate Properties