Purpose
This page documents a work-around for a problem where Windows does not associate a certificate (renewal or new certificate) with its private key.
Problem Diagnosis
- Import the certificate into the Windows certificate store using
certmgr.msc - View the certificate
- Check for the statement "You have a private key that corresponds to this certificate" (see Fig.1)
- If you are missing this statement run the procedure described below
Figure 1.
Procedure
- From an administrative command prompt, run the following command:
certutil -repairstore my “serial no. of cert” inserting your certificate's serial number
- View the certificate (you may need to close and restart certmgr.msc to get it to refresh the display)
- If you now see the statement "You have a private key that corresponds to this certificate" the problem has been resolved.
Note: In one customer engagement we found that “serial no. of cert” didn't work but supplying the certificate thumbprint did.
See Also