Microsoft KB Archive/939616

= The private key is not copied to the local computer store when you use the Certificates snap-in to copy a certificate together with a private key from a local user store =

Article ID: 939616

Article Last Modified on 7/20/2007

-

APPLIES TO


 * Windows Vista Home Basic
 * Windows Vista Home Premium
 * Windows Vista Ultimate
 * Windows Vista Business
 * Windows Vista Enterprise
 * Windows Vista Home Basic 64-bit Edition
 * Windows Vista Home Premium 64-bit Edition
 * Windows Vista Ultimate 64-bit Edition
 * Windows Vista Business 64-bit Edition
 * Windows Vista Enterprise 64-bit Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server

-



SYMPTOMS
When you use the Certificates snap-in to copy a certificate together with a private key from a local user store to the local computer store, the private key is not copied.



CAUSE
This problem occurs because of a limitation of the Certificates snap-in.



WORKAROUND
To work around this problem, export the certificate together with the private key from the local user store to a .pfx file. Then, import the certificate from the .pfx file to the local computer store. To do this, follow these steps:  Open the Certificates snap-in. To do this, follow these steps:  Click Start, click Run, type mmc, and then click OK. On the File menu, click Add/Remove Snap-in. On the Standalone tab, click Add. Click Certificates, and then click Add. Click My user account, and then click Finish. Click Add, click Computer account, click Next, and then click Finish.</li> Click Close, and then click OK.</li></ol> </li> Export the certificate together with the private key from the local user store to a .pfx file. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Expand Certificates - Current User, expand Personal, and then click Certificates.</li> Right-click the certificate, click All Tasks, click Export, and then click Next.</li> Click to select the Yes, export the private key check box, and then click Next two times.</li> In the Password box and in the Confirm Password box, type the password, and then click Next.</li> In the File name box, type the name that you want to use, click Next, and then click Finish.</li> In the Certificate Export Wizard dialog box, click OK.</li></ol> </li> Import the certificate from the .pfx file to the local computer store. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Expand Certificates (Local Computer), and then expand Personal.</li> Right-click Certificates, click All Tasks, click Import, and then click Next.</li> In the File name box, type the file name that you specified in step 2e, and then click Next.</li> In the Password box, type the password that you specified in step 2d, and then click Next two times.</li> Click Finish, and then click OK.</li></ol> </li></ol>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

<div class="moreinformation_section">

Steps to reproduce the problem

 * 1) Obtain a certificate that meets the following requirements:
 * 2) * The certificate is issued for server authentication.
 * 3) * The private key is marked as exportable.
 * 4) Download the certificate to a local user store.
 * 5) Click Start, click Run, type mmc, and then click OK.
 * 6) On the File menu, click Add/Remove Snap-in.
 * 7) On the Standalone tab, click Add.
 * 8) Click Certificates, and then click Add.
 * 9) Click My user account, and then click Finish.
 * 10) Click Add, click Computer account, click Next, and then click Finish.
 * 11) Click Close, and then click OK.
 * 12) Export the certificate from the local user store.
 * 13) Copy the certificate to the local computer store.
 * 14) Add the certificate to Internet Information Services (IIS).

The following event may be logged in the Application log: Event Type: Error

Event Source: Schannel

Event Category: None

Event ID: 36870

Date:

Time:

User: N/A

Computer:

Description:

A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016.

Keywords: kbtshoot kbprb kbexpertiseinter KB939616

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.