The private key is not copied to the local computer store when you use the Certificates snap-in to copy a certificate together with a private key from a local user store

The private key is not copied to the local computer store when you use the Certificates snap-in to copy a certificate together with a private key from a local user store

Article ID : 939616
Last Review : July 20, 2007
Revision : 1.1
On This Page

SYMPTOMS

When you use the Certificates snap-in to copy a certificate together with a private key from a local user store to the local computer store, the private key is not copied.

Back to the top

CAUSE

This problem occurs because of a limitation of the Certificates snap-in.

Back to the top

WORKAROUND

To work around this problem, export the certificate together with the private key from the local user store to a .pfx file. Then, import the certificate from the .pfx file to the local computer store. To do this, follow these steps:

1. Open the Certificates snap-in. To do this, follow these steps:

a. Click Start, click Run, type mmc, and then click OK.
b. On the File menu, click Add/Remove Snap-in.
c. On the Standalone tab, click Add.
d. Click Certificates, and then click Add.
e. Click My user account, and then click Finish.
f. Click Add, click Computer account, click Next, and then click Finish.
g. Click Close, and then click OK.
2. Export the certificate together with the private key from the local user store to a .pfx file. To do this, follow these steps:

a. Expand Certificates – Current User, expand Personal, and then click Certificates.
b. Right-click the certificate, click All Tasks, click Export, and then click Next.
c. Click to select the Yes, export the private key check box, and then click Next two times.
d. In the Password box and in the Confirm Password box, type the password, and then click Next.
e. In the File name box, type the name that you want to use, click Next, and then click Finish.
f. In the Certificate Export Wizard dialog box, click OK.
3. Import the certificate from the .pfx file to the local computer store. To do this, follow these steps:

a. Expand Certificates (Local Computer), and then expand Personal.
b. Right-click Certificates, click All Tasks, click Import, and then click Next.
c. In the File name box, type the file name that you specified in step 2e, and then click Next.
d. In the Password box, type the password that you specified in step 2d, and then click Next two times.
e. Click Finish, and then click OK.

Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the Applies to section.

Back to the top

MORE INFORMATION

Steps to reproduce the problem

1. Obtain a certificate that meets the following requirements:

• The certificate is issued for server authentication.
• The private key is marked as exportable.
2. Download the certificate to a local user store.
3. Click Start, click Run, type mmc, and then click OK.
4. On the File menu, click Add/Remove Snap-in.
5. On the Standalone tab, click Add.
6. Click Certificates, and then click Add.
7. Click My user account, and then click Finish.
8. Click Add, click Computer account, click Next, and then click Finish.
9. Click Close, and then click OK.
10. Export the certificate from the local user store.
11. Copy the certificate to the local computer store.
12. Add the certificate to Internet Information Services (IIS).

The following event may be logged in the Application log:

Event Type: Error
Event Source: Schannel
Event Category: None
Event ID: 36870
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description:
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016.

Back to the top


APPLIES TO
• Windows Vista Home Basic
• Windows Vista Home Premium
• Windows Vista Ultimate
• Windows Vista Business
• Windows Vista Enterprise
• Windows Vista Home Basic 64-bit Edition
• Windows Vista Home Premium 64-bit Edition
• Windows Vista Ultimate 64-bit Edition
• Windows Vista Business 64-bit Edition
• Windows Vista Enterprise 64-bit Edition
• Microsoft Windows Server 2003, Standard Edition (32-bit x86)
• Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
• Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
• Microsoft Windows Server 2003, Web Edition
• Microsoft Windows XP Home Edition
• Microsoft Windows XP Professional
• Microsoft Windows 2000 Professional Edition
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server

Back to the top

Keywords: 
kbtshoot kbprb kbexpertiseinter KB939616

Back to the top

 

Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
Microsoft Corporation. All rights reserved. Terms of Use | Trademarks


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

AddThis Social Bookmark Button

Leave a Reply

*
To prove that you're not a bot, enter this code
Anti-Spam Image