Microsoft KB Archive/939616

Knowledge Base


The private key is not copied to the local computer store when you use the Certificates snap-in to copy a certificate together with a private key from a local user store

Article ID: 939616

Article Last Modified on 7/20/2007



APPLIES TO

  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Ultimate
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Business 64-bit Edition
  • Windows Vista Enterprise 64-bit Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server



SYMPTOMS

When you use the Certificates snap-in to copy a certificate together with a private key from a local user store to the local computer store, the private key is not copied.

CAUSE

This problem occurs because of a limitation of the Certificates snap-in.

WORKAROUND

To work around this problem, export the certificate together with the private key from the local user store to a .pfx file. Then, import the certificate from the .pfx file to the local computer store. To do this, follow these steps:

  1. Open the Certificates snap-in. To do this, follow these steps:
    1. Click Start, click Run, type mmc, and then click OK.
    2. On the File menu, click Add/Remove Snap-in.
    3. On the Standalone tab, click Add.
    4. Click Certificates, and then click Add.
    5. Click My user account, and then click Finish.
    6. Click Add, click Computer account, click Next, and then click Finish.
    7. Click Close, and then click OK.
  2. Export the certificate together with the private key from the local user store to a .pfx file. To do this, follow these steps:
    1. Expand Certificates - Current User, expand Personal, and then click Certificates.
    2. Right-click the certificate, click All Tasks, click Export, and then click Next.
    3. Click to select the Yes, export the private key check box, and then click Next two times.
    4. In the Password box and in the Confirm Password box, type the password, and then click Next.
    5. In the File name box, type the name that you want to use, click Next, and then click Finish.
    6. In the Certificate Export Wizard dialog box, click OK.
  3. Import the certificate from the .pfx file to the local computer store. To do this, follow these steps:
    1. Expand Certificates (Local Computer), and then expand Personal.
    2. Right-click Certificates, click All Tasks, click Import, and then click Next.
    3. In the File name box, type the file name that you specified in step 2, substep 5, and then click Next.
    4. In the Password box, type the password that you specified in step 2, substep 4, and then click Next two times.
    5. Click Finish, and then click OK.
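
A scripted equivalent of the workaround, added here as an example and not part of the original article: it performs the same export-then-import through the .NET X509 classes from PowerShell, holding the PFX in memory instead of writing a .pfx file, and then checks that the key can actually be opened from the local computer store. It assumes an elevated PowerShell session and an exportable, CSP-backed private key; the function names and the thumbprint placeholder are hypothetical.

```powershell
# Added example, not from the KB article. Run from an elevated session.
# Function names and the <THUMBPRINT> placeholder are hypothetical.
$ns = 'System.Security.Cryptography.X509Certificates'

function Copy-CertWithKeyToMachineStore {
    param([string]$Thumbprint, [System.Security.SecureString]$PfxPassword)

    # Step 2 equivalent: find the certificate under
    # Certificates - Current User > Personal and serialize it with its key.
    $user = New-Object "$ns.X509Store" -ArgumentList 'My', 'CurrentUser'
    $user.Open('ReadOnly')
    try {
        $found = $user.Certificates.Find('FindByThumbprint', $Thumbprint, $false)
        if ($found.Count -eq 0) { throw "No certificate $Thumbprint in CurrentUser\My" }
        # Export throws if the private key is not marked as exportable.
        $pfx = $found[0].Export('Pfx', $PfxPassword)
    } finally { $user.Close() }

    # Step 3 equivalent: load the PFX so the key is written to the machine
    # key store and persisted, then add it to Local Computer > Personal.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet, PersistKeySet'
    $copy = New-Object "$ns.X509Certificate2" -ArgumentList $pfx, $PfxPassword, $flags
    $machine = New-Object "$ns.X509Store" -ArgumentList 'My', 'LocalMachine'
    $machine.Open('ReadWrite')
    try { $machine.Add($copy) } finally { $machine.Close() }
    $copy.Thumbprint
}

function Test-MachineCertKey {
    param([string]$Thumbprint)

    $machine = New-Object "$ns.X509Store" -ArgumentList 'My', 'LocalMachine'
    $machine.Open('ReadOnly')
    try {
        $found = $machine.Certificates.Find('FindByThumbprint', $Thumbprint, $false)
        if ($found.Count -eq 0) { return $false }
        # HasPrivateKey only reports that a key reference is attached to the
        # certificate; reading PrivateKey makes the provider open the key
        # itself, which fails when the key is not in the machine store.
        try { return ($found[0].HasPrivateKey -and $null -ne $found[0].PrivateKey) }
        catch { return $false }
    } finally { $machine.Close() }
}

# Usage (replace the placeholder with the certificate's thumbprint):
#   $pw = Read-Host 'PFX password' -AsSecureString
#   Copy-CertWithKeyToMachineStore -Thumbprint '<THUMBPRINT>' -PfxPassword $pw
#   Test-MachineCertKey -Thumbprint '<THUMBPRINT>'
```

Test-MachineCertKey can also be run on its own against a certificate that was copied with the snap-in, to confirm whether its key is reachable from the local computer store before the certificate is assigned to IIS.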


STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

Steps to reproduce the problem

  1. Obtain a certificate that meets the following requirements:
    • The certificate is issued for server authentication.
    • The private key is marked as exportable.
  2. Download the certificate to a local user store.
  3. Click Start, click Run, type mmc, and then click OK.
  4. On the File menu, click Add/Remove Snap-in.
  5. On the Standalone tab, click Add.
  6. Click Certificates, and then click Add.
  7. Click My user account, and then click Finish.
  8. Click Add, click Computer account, click Next, and then click Finish.
  9. Click Close, and then click OK.
  10. Export the certificate from the local user store.
  11. Copy the certificate to the local computer store.
  12. Add the certificate to Internet Information Services (IIS).

The following event may be logged in the Application log:

Event Type: Error
Event Source: Schannel
Event Category: None
Event ID: 36870
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description:
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016.


Keywords: kbtshoot kbprb kbexpertiseinter KB939616