
Certificate import issue

  • 17-08-2011 8:01am
    #1
    Registered Users, Registered Users 2 Posts: 1,009 ✭✭✭


    Hey,

    Having a bit of a noodle scratcher of an issue here and was wondering can anyone give me a dig out?

    On Windows Server 2003 I am trying to export a security certificate from one web server to another server (also W2K3 - ISA 2006).
    When I run the import wizard on the other server, it imports the certificate into the Current User certificate store. I need the cert to import to the Local Computer certificate store, how do I do this?

    I tried manually moving it from one store to the other but when I go to assign the cert in the ISA listener I receive the following error: "Private key handle error"

    I've done this dozens of times and this has never happened.

    Thanks,


Comments

  • Registered Users, Registered Users 2 Posts: 3,521 ✭✭✭francois


    Export the cert as a pfx format then copy to the new server
    click on it and it will bring up the import wizard
    When you browse to import the cert check the "show physical stores" box, then expand trusted root certificates and choose local computer


  • Registered Users, Registered Users 2 Posts: 1,009 ✭✭✭vangoz


    francois wrote: »
    Export the cert as a pfx format then copy to the new server
    click on it and it will bring up the import wizard
    When you browse to import the cert check the "show physical stores" box, then expand trusted root certificates and choose local computer

    Thanks man, but that won't work in this case as the cert cannot be assigned in ISA or IIS if it is in the root CA container.

    Anyway I got the finger out and scripted it (although there's probably an easier way). I typed it up for our internal wiki so here's a copy of it.

    The following instructions detail how to add an exported certificate with a personal key (.pfx file extension) to a remote Windows 2003 Server.
    PowerShell is required to run the import. If PowerShell is not installed, please download and install it from the following location.

    http://www.microsoft.com/download/en/details.aspx?id=20020


    1. Copy the .pfx file to the remote server
    2. On the remote server start the PowerShell command line - Click Start > Run > type powershell > press Enter
    3. Paste the below function into PowerShell and press Enter
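    function Import-PfxCertificate {
        # $certPath: path to the .pfx file; $certRootStore: store location; $certStore: store name
        param([String]$certPath, [String]$certRootStore = "LocalMachine", [String]$certStore = "My", $pfxPass = $null)

        $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2

        # Prompt for the .pfx password as a SecureString if none was passed in
        if ($null -eq $pfxPass) { $pfxPass = Read-Host "Password" -AsSecureString }

        # PersistKeySet keeps the private key on disk after import; Exportable allows re-export
        $pfx.Import($certPath, $pfxPass, "Exportable,PersistKeySet")

        # Open the target store (LocalMachine\My by default) and add the certificate
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStore, $certRootStore)
        $store.Open("MaxAllowed")
        $store.Add($pfx)
        $store.Close()
    }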



    After the above function is set into memory, paste the below command into PowerShell.
    Change the filepath to the location of your certificate on the server. Enter the certificate password when prompted.



    Import-PfxCertificate "C:\filepath" "LocalMachine" "My"

    Make sure the certificate imported correctly by checking the certificate store. To check the certificate store, open the Certificates MMC.
    1. Click Start > Run > type MMC and press enter
    2. Click File > Add/Remove snap-in
    3. Click Add > select the Certificates item > click add again
    4. Select Computer account > Click next > Select Local Computer and click finish
    5. Click Close > then click OK
    6. Expand the Personal container > Select the certificates container
    7. Your imported certificate will be listed here.
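
Added example, not part of the original post: a scripted counterpart to the MMC check above that also confirms the certificate in LocalMachine\My has a private key that opens and sits in the machine key store. The function name `Test-MachineCertKey` and its `$Thumbprint` parameter are hypothetical, and the code assumes PowerShell 2.0 or later (for try/catch/finally).

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0+ and an RSA/CSP key.
function Test-MachineCertKey {
    param([String]$Thumbprint)   # thumbprint of the imported certificate, supplied by the reader

    # Thumbprints copied from the MMC often contain spaces; keep hex digits only.
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    $result = New-Object PSObject -Property @{
        Found = $false; HasPrivateKey = $false; KeyReadable = $false
        MachineKeyStore = $false; Container = $null; Problem = $null
    }
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine")
    $store.Open("ReadOnly")
    try {
        $cert = $store.Certificates | Where-Object { $_.Thumbprint -eq $wanted } | Select-Object -First 1
        if ($null -eq $cert) {
            $result.Problem = "Certificate is not in LocalMachine\My"
        } else {
            $result.Found = $true
            $result.HasPrivateKey = $cert.HasPrivateKey
            if (-not $cert.HasPrivateKey) {
                $result.Problem = "No private key is associated with the certificate"
            } else {
                # Opening the key throws (or yields nothing) when this account cannot reach the container.
                $info = $cert.PrivateKey.CspKeyContainerInfo
                if ($null -eq $info) {
                    $result.Problem = "Private key could not be opened"
                } else {
                    $result.KeyReadable = $true
                    $result.MachineKeyStore = $info.MachineKeyStore
                    $result.Container = $info.UniqueKeyContainerName
                    if (-not $info.MachineKeyStore) {
                        $result.Problem = "Key is in a user key container, not the machine key store"
                    }
                }
            }
        }
    } catch {
        $result.Problem = "Private key could not be opened: " + $_.Exception.Message
    } finally {
        $store.Close()
    }
    $result
}

# Usage: Test-MachineCertKey "<thumbprint of the imported certificate>"
```

A clean result has `Found`, `HasPrivateKey`, `KeyReadable` and `MachineKeyStore` all true and `Problem` empty.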

