Microsoft KB Archive/319392

= How to Use the Original Key Pair to Reinstall Certificate Services on an Existing Certification Authority =

PSS ID Number: 319392

Article Last Modified on 10/21/2003

-

The information in this article applies to:


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q319392



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SUMMARY
In certain scenarios, you may have to remove and reinstall Certificate Services on a certification authority (CA). This article describes how to reinstall the key pair from the original CA but not use the original CA certificate.



MORE INFORMATION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

 Remove Certificate Services from the CA. Reinstall Certificate Services, and then click Advanced Options on the Certification Authority Type page of the Windows Components wizard. Select the Use existing keys check box, and then click the name of the original CA.

NOTE: Make sure that you clear the Use the associated certificate check box. Continue with the Windows Component wizard, and then click Save the request to a file on the CA Request page.

NOTE: It is important that you do not request the certificate directly over the network. Do not install the new certificate until you install the service and change the registry. Complete the Windows Component wizard. Start Registry Editor (Regedt32.exe).</li> Locate the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\ 

</li> Change the name of this registry key to the following name:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\ 

</li> Create the following registry value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\ \RequestKeyContainer

Type: REG_SZ

Value:

</li> Submit the saved certificate request, and then install the certificate.</li></ol>

If you do not complete this procedure, if you try to remove and reinstall Certificate Services on a CA, and then use the existing key pair with a newly issued CA certificate, you may receive the following error message:

Keyset does not exist. Error 0x80090016.

Keywords: kbenv kbinfo KB319392

Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Search kbwin2000Serv kbwin2000ServSearch kbWinAdvServSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.