Article ID: 939616
Article Last Modified on 7/20/2007
APPLIES TO
- Windows Vista Home Basic
- Windows Vista Home Premium
- Windows Vista Ultimate
- Windows Vista Business
- Windows Vista Enterprise
- Windows Vista Home Basic 64-bit Edition
- Windows Vista Home Premium 64-bit Edition
- Windows Vista Ultimate 64-bit Edition
- Windows Vista Business 64-bit Edition
- Windows Vista Enterprise 64-bit Edition
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
SYMPTOMS
When you use the Certificates snap-in to copy a certificate together with a private key from a local user store to the local computer store, the private key is not copied.
CAUSE
This problem occurs because of a limitation of the Certificates snap-in.
WORKAROUND
To work around this problem, export the certificate together with the private key from the local user store to a .pfx file. Then, import the certificate from the .pfx file to the local computer store. To do this, follow these steps:
- Open the Certificates snap-in. To do this, follow these steps:
- Click Start, click Run, type mmc, and then click OK.
- On the File menu, click Add/Remove Snap-in.
- On the Standalone tab, click Add.
- Click Certificates, and then click Add.
- Click My user account, and then click Finish.
- Click Add, click Computer account, click Next, and then click Finish.
- Click Close, and then click OK.
- Export the certificate together with the private key from the local user store to a .pfx file. To do this, follow these steps:
- Expand Certificates - Current User, expand Personal, and then click Certificates.
- Right-click the certificate, click All Tasks, click Export, and then click Next.
- Click to select the Yes, export the private key check box, and then click Next two times.
- In the Password box and in the Confirm Password box, type the password, and then click Next.
- In the File name box, type the name that you want to use, click Next, and then click Finish.
- In the Certificate Export Wizard dialog box, click OK.
- Import the certificate from the .pfx file to the local computer store. To do this, follow these steps:
- Expand Certificates (Local Computer), and then expand Personal.
- Right-click Certificates, click All Tasks, click Import, and then click Next.
- In the File name box, type the file name that you specified in step 2e, and then click Next.
- In the Password box, type the password that you specified in step 2d, and then click Next two times.
- Click Finish, and then click OK.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
Steps to reproduce the problem
- Obtain a certificate that meets the following requirements:
- The certificate is issued for server authentication.
- The private key is marked as exportable.
- Download the certificate to a local user store.
- Click Start, click Run, type mmc, and then click OK.
- On the File menu, click Add/Remove Snap-in.
- On the Standalone tab, click Add.
- Click Certificates, and then click Add.
- Click My user account, and then click Finish.
- Click Add, click Computer account, click Next, and then click Finish.
- Click Close, and then click OK.
- Export the certificate from the local user store.
- Copy the certificate to the local computer store.
- Add the certificate to Internet Information Services (IIS).
The following event may be logged in the Application log:
Event Type: Error
Event Source: Schannel
Event Category: None
Event ID: 36870
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description:
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016.
Keywords: kbtshoot kbprb kbexpertiseinter KB939616