Troubleshooting: “Cannot find the certificate request that is associated with this certificate file.”

In Windows IIS, and Exchange systems you may receive the following error message when attempting the installation of a digital certificate.

“The pending certificate request for this response file was not found. This request may be canceled. You cannot install selected response certificate using this Wizard.”

Or

“Cannot Find the certificate request that is associated with this certificate file. A certificate request must be completed on the computer where the request was created.”

Cannot find the request that is associated with this certificate file

This error message occurs due to one or a combination of the following:

  • Its a glitch that can happen from time to time on IIS server 2008 series.
  • The certificate file is formatted incorrectly or the wrong extension file is being used for the installation.
  • The CSR for this certificate was never generated on this system.
  • A private key mismatch may occur if the private key in Microsoft IIS does not match the certificate you are installing.
  • The private key for this certificate has been corrupted, lost, or this is not the server on which the CSR was generated.
  • You used the previous CSR upon Renewal and did not generate a new one.
  • The wrong certificate file is being used for the installation.
  • You updated your system and lost the request.

Resolutions for troubleshooting:

Method 1: Glitch during installation.

Unfortunately this is typically with a glitch with the IIS 7 to 8 series.

  1. Click Ok to acknowledge the error message, and Cancel out of the Complete Certificate Request Wizard.
  2. Hit F5 on your keyboard to refresh the IIS console. Your new certificate should appear in the Middle pane under Server Certificates. It might be missing a friendly name. If you see the new certificate in this pane it means that installation was successful.

If your certificate still does not appears then it can mean that either the CSR request was never created on this system, or your private key was damaged. Below are other methods of troubleshooting.

Method 2: Ensure Proper Formatting of the Certificate File.
Copy and paste the certificate into a text file (save as .txt) using Vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines or spaces in the file. You should have a text file that looks like:
—–BEGIN CERTIFICATE—–
[encoded data]
—–END CERTIFICATE—–
Make sure you have 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.

Method 3: Ensure you are using the correct server certificate.

Double check and make sure you are completing the certificate request with the correct server certificate. Do not attempt to complete the certificate request with your CSR or an Intermediate file. Only the serve certificate issued derived from the CSR you submitted will work.

Method 4.1: Ensure That you have created the CSR on this Windows system. 
  • Double check and make sure you created the CSR on this system. If you don’t know then find the original system.
  • Ensure that you do not delete the pending request on that Windows system. With IIS 6 (server 2003) systems that request can be easily deleted.
  • Sometimes if a software update to the system was applied the request can be lost. Perform Method 5 of this article for resolution.

When you generate a CSR, this creates a private key that corresponds to the CSR file. A deleted request or a request that was never created on this system means no private key on that system which gives this error message when attempting to complete the certificate request.

Method 4.2: Dealing with Multiple systems. 

If you are in a situation where you have multiple systems where the server certificate needs to be installed on you MUST find the original Windows System where the CSR was generated.

  1. Install the server certificate on that original system.
  2. If or after the server certificate has been installed on that original system you can then perform a backup/export of that server certificate with its private key and then migrate it to your other systems. Visit our Backup/Export How to move instructions page for a list of How to move instructions.

Method 5: Last resort – Missing SSL Private key in Windows Servers.

If you are absolutely positive that this is the correct system and all other Methods of troubleshooting have been reviewed then there might be a way to still fix this issue manually by performing the following article instructions Troubleshooting: Missing Private key in Windows Servers

 Method 6: Start from scratch. 

Sometimes the only way to resolve these type of things is to start from scratch by performing the following.

  1. Generate a new CSR from the needed system. Instructions if needed can be found here.
  2. Perform a replacement of the certificate with this new CSR. Contact your CA provider on how to perform this.
    • For Acmetek clients you can replace your certificate within your SSLPartnerCenter or use your User portal. For instruction on how to replace using your User Portal click here.
  3. After the new server certificate has been issued attempt installation once again. Instructions if needed can be found here.

Method 7: Contact Microsoft.

Microsoft is a straight forward system. If all of the above methods of troubleshooting have failed then you may have a technical issue with your actual system and will need to contact Microsoft for possibly resolutions.

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »