I ran into this problem today. Due to the timeframe and some other
issues, getting the key from the provider was not possible.
I found the following solution here (http://blogs.msdn.com/b/vijaysk/archive/2009/05/22/disappearing-ssl-certificates-from-iis-7-0-manager.aspx,
under pixelloa's comment) and thought it would be good to have the answer
on StackOverflow as well.
If the certificate does not have a private key, you can fix this by
doing the following:
To fix this, use the MMC snapin to import the cert into PERSONAL,
click it and grab the serial # line. Go to dos, run certutil
-repairstore my "paste the serial 3 in here" (you need the quotes) then
refresh MMC with personal certs, right click it - export - select
everything except DELETE PRIVATE KEY, hit ok. Then go to IIS and
IMPORT cert instead of finish request.
For what it's worth, all I actually had to do was run the
-repairstore command, and my certificate worked. I did run the
export and set a password for the export itself, but I did not have to
reimport the certificate. The certificate now shows up in IIS's list of
certificates and can be used for HTTPS bindings.
I hope this helped someone.