If you try and copy and paste thumbprint from this snap-in, an extra (invisible) unicode character is being copied also. This can lead to problems that are non-obvious. For example, copy and paste thumbprint into notepad. It appears that thumbprint is copied correctly, but if you try to save document, it reports that the document contains unicode characters.
If you try to copy paste this thumbprint into an application that asks for a certificate thumbprint, this can lead to errors where the invisible unicode character is unknowingly included. For example, there is a scenario in virtual machine manager that asks for a certificate thumbprint. Copy/pasting from this snap-in will lead to a non-obvious failure due to included unicode character.
One of the applications affected with this case is SQL Server when the certificate is needed for SSL Encrytopn of SSL connections. If simply copying the thumbpint from the certificate GUI and pasting it in with the invisible character, SQL Server fails to start.
The following workarounds can be used:
1. Instead of using certificates snap-in and certificate GUI, use certutil command line tool:
- "certutil -store -user my" for the user certificates or,
- "certutil -store my" for the machine certificates.
The thumbprint can be located in the line that starts with "Cert Hash(sha1)"
Cert Hash(sha1): e8 12 4b 42 c4 04 fd ca 8c ec 21 f1 91 76 5c b7 c3 ad 1d 55
2. When using certificates snap-in and certificate GUI, do NOT copy "extra space" that appears before the certificate thumbpint from the Richedit control.