SSL certificate disappears from the certificate list of Windows Server

Users with Windows servers may occasionally encounter an issue where an imported certificate disappears from the list of server certificates. Most often, this happens right after completing a certificate request in Internet Information Services (IIS) Manager.

The list of server certificates in IIS contains only certificates that are linked to the corresponding private key, which was generated along with the certificate signing request (CSR) used for activating a particular certificate. When the link between the certificate and the private key is broken for some reason, the certificate disappears.

To make the certificate reappear, you will need to force the link between the certificate and the private key using the following steps.

1. Open the Microsoft Management Console (MMC) on your server machine. Make sure that you are logged in as an administrator before proceeding. To open MMC, press the Win+R combination, type in mmc and click OK.

2. In the File menu, select Add/Remove Snap-in.

3. In the Add or Remove Snap-ins dialogue window, select Certificates and click Add.

4. Choose Computer Account in the Certificates snap-in window and click Next.

5. Tick Local computer in the Select computer box, then click Finish.

6. The required snap-in is now selected. Click the OK button to proceed. The snap-in is added to the console.

7. Locate the certificate that was imported when completing the certificate request. The certificate should be in the Personal store. Note that the icon of the certificate next to the domain name does not have a key on it. This means that no private key is assigned to the certificate.

8. Double-click the certificate and go to the Details tab.

9. In the certificate details, locate the Serial number field, click on it and copy its value.

10. Open Command Prompt by pressing Win+R and typing cmd, then click OK. Type the command as below and press Enter.

11. In the command prompt, type: certutil -repairstore my xxxxxxxxxxxxxxx, where xxxxxxxxxxxxxxx is the serial number of your certificate. (Note: Make sure the serial number of your certificate does not contain any spaces. It should be a single string of symbols.)

If you receive the “Certutil: -repairstore command FAILED:0X800900100” error, this means that the certificate request was generated on another server, and the private key is absent on this one. You need to either transfer the key to your server via a PFX file or create a new CSR code and reissue the certificate.
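The same check and repair can be scripted from an elevated PowerShell session. The following is an added example, not part of the original article; the function name Repair-OrphanedCertificate is hypothetical. It finds certificates in the Local Computer Personal store that have no private key, runs certutil -repairstore for each, and reports whether the key link was restored.

```powershell
# Added example: re-link certificates in LocalMachine\My that lost their private key link.
# Repair-OrphanedCertificate is a hypothetical name; run from an elevated session.
function Repair-OrphanedCertificate {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Optional: limit the repair to one serial number pasted from the Details tab.
        [string]$SerialNumber
    )

    # The Details tab shows the serial with spaces (and sometimes an invisible
    # leading character); certutil needs a single hex string.
    $wanted = if ($SerialNumber) { ($SerialNumber -replace '[^0-9A-Fa-f]', '').ToUpper() }

    # Certificates shown without the key icon in MMC report HasPrivateKey = $false.
    $orphans = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { -not $_.HasPrivateKey } |
        Where-Object { -not $wanted -or $_.SerialNumber -eq $wanted }

    foreach ($cert in $orphans) {
        if (-not $PSCmdlet.ShouldProcess($cert.Subject, 'certutil -repairstore my')) { continue }

        & certutil.exe -repairstore my $cert.SerialNumber | Out-Null
        $exit = $LASTEXITCODE

        # Re-read the store entry; the object fetched earlier holds the old state.
        $after = Get-Item -Path ("Cert:\LocalMachine\My\" + $cert.Thumbprint)

        [pscustomobject]@{
            Subject       = $cert.Subject
            SerialNumber  = $cert.SerialNumber
            Thumbprint    = $cert.Thumbprint
            CertutilExit  = $exit
            HasPrivateKey = $after.HasPrivateKey
            # Still no key after the repair: the key is not on this server.
            NextStep      = if ($after.HasPrivateKey) { 'None' }
                            else { 'Import the key via PFX or reissue from a new CSR' }
        }
    }
}

# List the certificates that would be repaired without changing anything.
Repair-OrphanedCertificate -WhatIf
```

Run it without -WhatIf to perform the repair. A row with HasPrivateKey still False corresponds to the failure case described above.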

 

How to view OU linked GPOs in Cionsystems GPO Manager.

To check which OUs are linked to a Group Policy:

1. Log in to Cionsystems GPO Manager.

2. Go to Filters -> OU Linked GPO’s -> click on OU Linked GPO’s.

3. Clicking on OU Linked GPO’s displays the list of GPOs linked to OUs.

4. Right-click on any GPO and select the Link option.

5. It will display the list of OUs linked to the GPO.

In this window we can link new OUs by clicking on Add, or remove existing OU links.

 

 

 

How to Restrict Group Policy for a User or Group in Cionsystems GPO Manager.

To restrict a Group Policy for any user/group, follow the steps below.

1. Log in to Cionsystems GPO Manager.

2. Select the group policy that has to be restricted and click on the Permissions tab.

3. In the GPO permissions, click on the Add button and search for the user/group.

4. Select the user/group and click OK.

5. In the Set Permissions tab, set the Read and Apply Group Policy options to Deny and click Apply.

6. It will take some time to process.

7. Once the permissions are set successfully, a “successfully added” message pops up; click OK.

8. The added user/group is now skipped when this group policy's settings are applied.

9. Once the permission is added, type the command gpupdate /force in the command prompt.

How to check which GPO has the settings.

1. Log in to Cionsystems GPO Manager.

2. Select any GPO and check the status of the GPO.

3. In the above GPO Computer Settings, User Configuration Settings were disabled.

4. To verify the GPO settings, right-click on the GPO and click the View option.

5. As the report displays only Computer Settings, we can conclude that the GPO has Computer Settings enabled and User Settings disabled.

6. In the same way, we can check the status of other GPOs.