Microsoft KB Archive/842215

= Certificate properties are overwritten when you import a certificate and the key pair is unavailable to the newly-imported certificate =

Article ID: 842215

Article Last Modified on 2/5/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Home Edition
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Server

-





SYMPTOMS
When you use the Microsoft Certificate Import Wizard to import either a certificate (.cer) file or a key and certificate (.pfx) file to a certificate store, both of the following symptoms may occur:
 * The original certificate properties are replaced with the properties of the newly-imported certificate.
 * The newly-imported certificate has two key pairs that are associated with it. However, the original key pair that was associated with the original certificate is unavailable to the newly-imported certificate. Therefore, the original key pair for the user profile becomes orphaned.

Note These symptoms only occur if the following conditions are true:
 * The user is using the same user profile and computer where the certificate was originally imported.
 * The certificate is re-imported to a store where the same certificate already exists.



CAUSE
The problem occurs because the certificate import operation overwrites the existing certificate and creates a new key store.



MORE INFORMATION
When this problem occurs, the imported certificate overwrites the properties of the existing certificate. The certificate properties that may be overwritten include the level of protection and export support.

The key pair is not overwritten. A new key pair store is created every time a certificate is re-imported. However, when this problem occurs the original keys become detached or orphaned from the certificate.

Note This problem may also occur if roaming profiles are used. A certificate import on one computer overwrites the certificate properties on all computers that are used by the roaming profile.

For more information about how to import a certificate, visit the following Microsoft Web site:

http://www.microsoft.com/windows/windows2000/en/advanced/help/sag_CMprocsImport.htm

For more information about importing and exporting certificates, visit the following Microsoft Web site:

http://www.microsoft.com/windows/windows2000/en/advanced/help/sag_CMimportExport.htm



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Keywords: kbwinservds kbactivedirectory kbtshoot kbprb KB842215

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.