Connect certificate to private key

If you want to connect an SSL certificate to a private key, you can use the Certutil.exe commandline tool. This tool is available through the Certificates Services MMC snap-in.

In order to connect an SSL certificate to a private key, you have to log in as Administrator onto the computer on which the CSR was generated (this is usually the primary user on a Windows installation).

Open the Microsoft Management Console. Go to the menu option 'File', followed by the option 'Add/Remove Snap-in'. Click on 'Certificates' and click on 'Add'. Select the correct account in the Certificates Snap-in window and click on 'Next'. Select Local Computer from the Select Computer window, and click 'Finish'. Click 'Close' and 'OK'.

Open the Certificates folder in the Certificates Snap-in window. Select the folder 'Personal' with the right mouse button, and select 'All tasks'. Click 'Import'. The Certificate Import Wizard will now be opened. Click 'Next'. Navigate to the new certificate, click 'Open', followed by 'Next'. In the next window, select the option 'Place all certificates in the following Store'. Click on 'Personal', followed by 'Next' and 'Finish'. If all steps have been followed correctly, a notification will be shown indicating that the import was successful.

Select the imported certificate from the 'Personal' folder in the Certificates Snap-in window. Go to the 'Details' tab in the Certificate window to copy the Serial Number. Open a commandline console, and execute the following command:

certutil -repairstore my "Serial number"

In the Certificates Snap-in window, select 'Certificates' with your right mouse button. Click 'Refresh'.

The certificate is now connected to the Private Key. Use IIS to assign the certificate to the appropriate website.