In our case this problem occurred because we have installed the certificate in a Virtual Machine and made an image of it for further use.

When creating another VM from the image previously created the certificate sends the message.

To avoid this be sure to install the certificate on every new VM installed.

Instead of importing the cert from IIS, do it from MMC. Then goto IIS for binding.

I ran across this same issue, but fixed it a different way. I believe the account I was using changed from the time I initially attempted to set up the certificate to the time where I returned to finish the work, thus creating the issue. What the issue is, I don't know, but I suspect it has to do with some sort of hash from the current user and that is inconsistent in some scenarios as the user is modified or recreated, etc.

To fix it, I ripped out of both IIS and the Certificates snap-in (for Current User and Local Computer) all references of the certificate in question:

Next, I imported the *.pfx file into the certs snap-in in MMC, placing it in the Local Computer\Personal node:

1. Right-click the Certificates node under Personal (under Local Computer as the root)
2. All Tasks -> Import
3. Go through the Wizard to import your *.pfx

From that point, I was able to return to IIS and find it in the Server Certificates. Finally, I went to my site, edited the bindings and selected the correct certificate. It worked because the user was consistent throughout the process.

To the point mentioned in another answer, you shouldn't have to resort to marking it as exportable as that's a major security issue. You're effectively allowing anyone who can get to the box with a similar set of permissions to take your cert with them and import it anywhere else. Obviously that's not optimal.

I just had this issue today and feel compelled to post my solution in the hope that you will lose less hair than I've just done.

After trying the solutions above, we had to re-issue the SSL certificate from the SSL provider (RapidSSL issuing as a reseller for GeoTrust).

There was no cost with this process, just the five minute wait while the confirmation emails (admin@) arrived, and we gained access again.

Once we had the response, we used IIS > Server Certificates to install it. We did not need the MMC snap-in.

https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO5757

We kept a remote desktop window to the server open throughout, to avoid any issues with differing login accounts/sessions, etc. I do believe it is an IIS bug as another expert believes, as we only have one RDC account. What is most infuriating is that the very same certificate has been working perfectly for two months before suddenly "breaking".

Try :

1. Go into IIS and delete "VSTS Dev Router" web site and "VSTS Dev Router Pool" application pool.
2. Run “certlm.msc” and open Personal/Certificates
3. Delete any cert named “*.vsts.me” and "vsts.me"
4. Re-deploy

I got this error due to wrong openssl command-line during export PKCS #12 certificate. -certfile key was wrong. I exported certificate again and it was imported successfully.