Certificate missing private key.

Sometimes when dealing with certificates, a problem occurs when the certificate does not have a private key assigned to it.

With Lync, for instance, it's not possible to assign the certificate to any services when the private key is missing. The solution to this problem is rather simple, and well documented in Microsoft TechNet, but I still choose to write a post about it in case someone stumbles across it and finds it useful.

Import the certificate in the MMC Certificates snap-in as you would do with any other certificate for the computer account. The certificate shows up in the Personal certificate store. Then double-click the certificate in the Personal view, and select the Details tab.


  • Copy the serial number from the certificate properties.
  • Start a command prompt with elevated rights and type the following command:
    certutil.exe -repairstore my "serialnumber of the certificate"
  • Refresh the Personal certificates view, and you will see that the certificate has now been assigned a private key.

Ready to go.

Update:

Just to make it clear, as it’s correctly pointed out by Lasse in the comments, it’s not possible to restore a private key to a certificate without actually having the private key in your cert store.
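
The check and repair steps above as a PowerShell script, including the case from the update where the key is not on the machine. This is an added example, not part of the original post; the function names are made up for illustration and the serial number is a placeholder.

```powershell
# Added example; run from an elevated PowerShell prompt.
# Function names are illustrative, not part of certutil or the original post.

function Get-CertWithoutKey {
    # Computer account "Personal" store = Cert:\LocalMachine\My ("my" in certutil)
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { -not $_.HasPrivateKey } |
        Select-Object Subject, SerialNumber, Thumbprint, NotAfter
}

function Repair-CertKeyLink {
    param([Parameter(Mandatory)][string]$Serial)

    # The Details tab shows the serial with spaces; keep only the hex digits.
    $hex = ($Serial -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    $match = { $_.SerialNumber -eq $hex }
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object $match
    if (-not $cert) { throw "No certificate with serial $hex in LocalMachine\My" }
    if ($cert | Where-Object HasPrivateKey) {
        Write-Host "Certificate $hex already has a private key; nothing to repair."
        return $true
    }

    # Same command as in the post; certutil's own output is shown for diagnosis.
    & certutil.exe -repairstore my $hex | Out-Host
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "certutil exited with code $LASTEXITCODE"
    }

    # Re-read the store: the repair only succeeds if the matching key
    # already exists on this machine.
    $after = Get-ChildItem Cert:\LocalMachine\My | Where-Object $match
    $ok = [bool]($after | Where-Object HasPrivateKey)
    if (-not $ok) {
        Write-Warning "Still no private key: the key is not on this machine. Import the certificate on the server that created the request, or restore it from a backup that includes the key."
    }
    return $ok
}

# List candidates, then repair one (placeholder serial, replace with your own).
Get-CertWithoutKey | Format-Table -AutoSize
# Repair-CertKeyLink -Serial '<serial number from the Details tab>'
```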

 

 

 


2 thoughts on “Certificate missing private key.”

  1. This can happen if you request from one store, then import it to the “other” store (personal vs computer). You can ONLY repair the certstore if the server actually has the private key somewhere 😉

    1. That's correct Lasse 🙂 This “problem” occurs mostly when renewing certificates from providers that ship certificates and private keys separately (you would already have the private key from the original request on the server in question) 🙂
      The linked article on TechNet describes your scenario, and the fact that you would have to use the backed up certificate to restore and thereby have the private key in place “somewhere” as you say 🙂
