SSL certificate importing to wrong certificate store

  • Question

  • User-1470146312 posted

    Hi,

    On Windows Server 2003 I am trying to export a security certificate from one web server to another server (also W2K3 - ISA 2006).
    When I run the import wizard on the other server, it imports the certificate into the Current user certificate store. I need the cert to import to the Local computer certificate store; how do I do this?
    I tried manually moving it from one store to the other, but when I go to assign the cert in the ISA listener I receive the following error: "Private key handle error".

    Thanks

    Wednesday, August 17, 2011 3:56 AM

Answers

  • User-1470146312 posted

    Thanks man, but no matter what I do in the import wizard it will always go into the Current user - personal certificate store.

    Anyway, I got the finger out and got a PowerShell solution. I typed it up for our own internal wiki so I might as well post a copy of it here:

    ______________________ 
     
    The following instructions detail how to add an exported certificate with a personal key (.pfx file extension) to a remote Windows 2003 Server.
    PowerShell is required to run the import; if PowerShell is not installed, please download and install it from the following location.
    -----------------------
    1. Copy the .pfx file to the remote server
    2. On the remote server start the PowerShell command line - Click Start > Run > type powershell > press enter
    3. Paste the below function into PowerShell and press enter
    function Import-PfxCertificate {
        param([String]$certPath, [String]$certRootStore = "LocalMachine", [String]$certStore = "My", $pfxPass = $null)

        $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2

        # Prompt for the .pfx password if none was passed in
        if ($pfxPass -eq $null) { $pfxPass = Read-Host "Password" -AsSecureString }

        # Load the certificate and its private key from the .pfx file
        $pfx.Import($certPath, $pfxPass, "Exportable,PersistKeySet")

        # Add the certificate to the chosen store (LocalMachine\My by default)
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStore, $certRootStore)
        $store.Open("MaxAllowed")
        $store.Add($pfx)
        $store.Close()
    }



    After the above function is set into memory, paste the below command into PowerShell.
    Change the filepath to the location of your certificate on the server. Enter the certificate password when prompted.

    Import-PfxCertificate "C:\filepath" "LocalMachine" "My"

    Make sure the certificate imported correctly by checking the certificate store. To check the certificate store open the certificates MMC.

    1. Click Start > Run > type MMC and press enter
    2. Click File > Add/Remove snap-in
    3. Click Add > select the Certificates item > click add again
    4. Select Computer account > Click next > Select Local Computer and click finish
    5. Click Close > then click OK
    6. Expand the Personal container > Select the certificates container
    7. Your imported certificate will be listed here.
    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Wednesday, August 17, 2011 7:28 AM
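
Added example, not part of the original post: the MMC check above confirms that the certificate is listed in the Local Computer store, but not where its private key is held, and a key held in a user profile cannot be opened by services running under other accounts. The function name Test-MachineCertificateKey and the thumbprint placeholder are assumptions, and the key is assumed to be CSP-backed, as on Windows Server 2003.

```powershell
# Added example (hypothetical helper): report where the private key of a
# certificate in LocalMachine\My is stored and whether it can be exported.
function Test-MachineCertificateKey {
    param([String]$thumbprint)

    # Thumbprints copied from the certificate's Details tab contain spaces
    $thumbprint = $thumbprint -replace '\s', ''

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine")
    $store.Open("ReadOnly")
    # $false = do not restrict the search to certificates that validate
    $found = $store.Certificates.Find("FindByThumbprint", $thumbprint, $false)
    $store.Close()

    if ($found.Count -eq 0) {
        throw "No certificate with thumbprint $thumbprint in LocalMachine\My"
    }
    $cert = $found[0]

    $result = New-Object PSObject
    $result | Add-Member NoteProperty Subject         $cert.Subject
    $result | Add-Member NoteProperty HasPrivateKey   $cert.HasPrivateKey
    $result | Add-Member NoteProperty MachineKeyStore $false
    $result | Add-Member NoteProperty Exportable      $false
    $result | Add-Member NoteProperty KeyContainer    $null

    if ($cert.HasPrivateKey) {
        # CspKeyContainerInfo describes the container that holds the key
        $info = $cert.PrivateKey.CspKeyContainerInfo
        $result.MachineKeyStore = $info.MachineKeyStore   # False = key is in a user profile
        $result.Exportable      = $info.Exportable
        $result.KeyContainer    = $info.UniqueKeyContainerName
    }
    $result
}

# Placeholder thumbprint (constructed); replace it with the imported certificate's own value
Test-MachineCertificateKey "<THUMBPRINT-PLACEHOLDER>"
```

MachineKeyStore should read True for a certificate that a service such as the ISA listener has to use. Exportable reads True after the import above because of its "Exportable" flag, which lets the key be exported again from this server.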

All replies

  • User-620729683 posted

    Hoping the certificate you are trying to import is installed on a website on the old web server.

    Try to re-export the certificate in .PFX format with a password using the Export wizard, then move the certificate to the new server and import it using the Import wizard.

     

    Additionally refer to this URL

    Wednesday, August 17, 2011 4:40 AM
  • User-295493466 posted
    I am having issues with my SSL certificate in some browsers. The location the SSL cert is being stored in is 'Certificates>Personal>Certificates'. Does anyone know if this location is correct?
    Friday, September 16, 2011 10:45 AM