There are two common issues when binding SSL certificates on IIS: disappearing certificates and certificates that error when binding SSL. I am working on Server 2012 R2, but this issue can occur with older versions of IIS too. This post, “SSL Errors Part 2,” addresses the second issue: a logon error when binding SSL. Part 1 covers the first issue: SSL Certificate Disappears After Installation.

In this case, your certificate itself installs without issue and does not disappear like it did in part 1. The issue arises when you attempt to bind SSL to your certificate.

Steps to reproduce:
Select the web site you want to add SSL to, then select “Bindings…” and fill out the binding dialog.

When you select “OK,” this error appears:

Add Site Binding
There was an error while performing this operation.
Details:
A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT:0x80070520)

This occurs due to something being wrong in the certificate’s extended attributes. I do not believe this is something you did wrong; instead, I believe it is a bug in IIS that has been there since at least Windows Vista/Server 2008, but has not yet been fixed.

Luckily, you can fix the problem in four easy steps. In IIS Manager, select your server, then open Server Certificates and highlight the certificate.

Perform these four actions:

  1. Export the certificate
  2. Save it as a .pfx file
  3. Remove the certificate from your web server
  4. Import the certificate back from the .pfx file you just created

That’s it. Now your web site will bind SSL correctly. The export and import fix the attributes that are broken by default.
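
The same four steps can be scripted with the PKI module cmdlets that ship with Server 2012 and later. This is an added example, not part of the original post; it assumes the certificate is in the LocalMachine\My store with an exportable private key, and the thumbprint and temporary file name are placeholders.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
# Assumptions: certificate lives in LocalMachine\My and its private key is exportable.
$thumbprint = '<CERT-THUMBPRINT>'                      # placeholder: the certificate's thumbprint
$storePath  = 'Cert:\LocalMachine\My'
$pfxPath    = Join-Path $env:TEMP 'rebind-temp.pfx'    # hypothetical temporary file name

# Locate the certificate and confirm it has a private key before touching anything
$cert = Get-Item -Path "$storePath\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key, so it cannot be exported to a .pfx."
}

# The .pfx is protected with a password that is typed in, never stored in the script
$password = Read-Host -Prompt 'Temporary .pfx password' -AsSecureString

# Steps 1 and 2: export the certificate and private key to a .pfx file.
# -ErrorAction Stop aborts the script here if the export fails, before anything is removed.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password -ErrorAction Stop | Out-Null

# Step 3: remove the certificate from the store
Remove-Item -Path "$storePath\$thumbprint" -ErrorAction Stop

# Step 4: import it back from the .pfx.
# -Exportable is left off so the re-imported key cannot be exported again;
# add it only if the key must stay exportable.
$imported = Import-PfxCertificate -FilePath $pfxPath -CertStoreLocation $storePath `
                                  -Password $password -ErrorAction Stop

# Verify the round trip before deleting the only remaining copy of the key
if ($imported.Thumbprint -ne $cert.Thumbprint -or -not $imported.HasPrivateKey) {
    throw "Re-import did not produce the expected certificate; $pfxPath was kept for recovery."
}

# The .pfx contains the private key, so remove it once the import is confirmed
Remove-Item -Path $pfxPath -Force
Write-Output "Re-imported certificate $($imported.Thumbprint) into $storePath"
```

If the import step fails, the .pfx file is left in place so the certificate can be restored; delete it manually once the certificate is back in the store.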