Purpose

This page documents a work-around for a problem where Windows does not associate a certificate (renewal or new certificate) with its private key.

Problem Diagnosis

  1. Import the certificate into the Windows certificate store using certmgr.msc
  2. View the certificate
  3. Check for the statement "You have a private key that corresponds to this certificate" (see Fig.1)
  4. If you are missing this statement run the procedure described below

 

Figure 1. 

 

Procedure

  1. From an administrative command prompt, run the following command:

    certutil  -repairstore my “serial no. of cert” inserting your certificate's serial number

  2. View the certificate (you may need to close and restart certmgr.msc to get it to refresh the display)
  3. If you now see the statement "You have a private key that corresponds to this certificate" the problem has been resolved.

Note: In one customer engagement we found that  “serial no. of cert” didn't work but supplying the certificate thumbprint did.

See Also