The private key is not copied to the local computer store when you use the Certificates snap-in to copy a certificate together with a private key from a local user store

Symptoms

When you use the Certificates snap-in to copy a certificate together with a private key from a local user store to the local computer store, the private key is not copied.

Cause

This problem occurs because of a limitation of the Certificates snap-in.

Workaround

To work around this problem, export the certificate together with the private key from the local user store to a .pfx file. Then, import the certificate from the .pfx file to the local computer store. To do this, follow these steps:
  1. Open the Certificates snap-in. To do this, follow these steps:
    1. Click Start, click Run, type mmc, and then click OK.
    2. On the File menu, click Add/Remove Snap-in.
    3. On the Standalone tab, click Add.
    4. Click Certificates, and then click Add.
    5. Click My user account, and then click Finish.
    6. Click Add, click Computer account, click Next, and then click Finish.
    7. Click Close, and then click OK.
  2. Export the certificate together with the private key from the local user store to a .pfx file. To do this, follow these steps:
    1. Expand Certificates - Current User, expand Personal, and then click Certificates.
    2. Right-click the certificate, click All Tasks, click Export, and then click Next.
    3. Click to select the Yes, export the private key check box, and then click Next two times.
    4. In the Password box and in the Confirm Password box, type the password, and then click Next.
    5. In the File name box, type the name that you want to use, click Next, and then click Finish.
    6. In the Certificate Export Wizard dialog box, click OK.
  3. Import the certificate from the .pfx file to the local computer store. To do this, follow these steps:
    1. Expand Certificates (Local Computer), and then expand Personal.
    2. Right-click Certificates, click All Tasks, click Import, and then click Next.
    3. In the File name box, type the file name that you specified in step 2e, and then click Next.
    4. In the Password box, type the password that you specified in step 2d, and then click Next two times.
    5. Click Finish, and then click OK.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

Steps to reproduce the problem

  1. Obtain a certificate that meets the following requirements:
    • The certificate is issued for server authentication.
    • The private key is marked as exportable.
  2. Download the certificate to a local user store.
  3. Click Start, click Run, type mmc, and then click OK.
  4. On the File menu, click Add/Remove Snap-in.
  5. On the Standalone tab, click Add.
  6. Click Certificates, and then click Add.
  7. Click My user account, and then click Finish.
  8. Click Add, click Computer account, click Next, and then click Finish.
  9. Click Close, and then click OK.
  10. Export the certificate from the local user store.
  11. Copy the certificate to the local computer store.
  12. Add the certificate to Internet Information Services (IIS).
The following event may be logged in the Application log:
Właściwości

Identyfikator artykułu: 939616 — ostatni przegląd: 21.10.2008 — zmiana: 1

Opinia