We have added a self-signed certificate when setting up AD FS, and now want to update the service communications certificate to our domain's wildcard cert. Following these instructions: http://support.microsoft.com/kb/2504439.

We imported the new certificate to the computer certificate store but do not see an option to manage private keys. Verified logged in as domain admin (who should be able to manage certificates).

Running certutil -repairstore my * returns an ACCESS DENIED error message.

Any thoughts?

Wes

1 Answer

When you imported the wildcard cert, was it a PFX file that also contained the private key? Or was it just the public portion of the cert? If you only imported the cert, there's no private key to manage. You can check if the cert has a private key by viewing its properties. It should have the highlighted line at the bottom.

[Image: Certificate Information Dialog]

Ryan Bolger
  • We will look into this, thanks for the quick response. – Wes Feb 11 '14 at 19:23
  • Ryan Bolger – This was the problem. We didn't export the public/secret portions of the cert, only the public portion. Ended up following these instructions as well: http://technet.microsoft.com/en-us/library/cc754329.aspx – Wes Feb 12 '14 at 15:37
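
The check described in the answer can also be done from PowerShell. This is an added example, not part of the original answer or comments; the subject filter and the file path in the usage comment are placeholders to replace with your own values.

```powershell
# Added example. Run in an elevated PowerShell session on the AD FS server.

# Placeholder: adjust to match the subject of your wildcard certificate.
$subjectFilter = '*example.com*'

# 1. Certificates already in the Local Computer "Personal" store.
#    HasPrivateKey = False means only the public portion was imported,
#    so there is no private key to manage for that certificate.
Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like $subjectFilter } |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey |
    Format-Table -AutoSize

# 2. Check a certificate file before importing it.
#    A .cer/.crt file carries only the public certificate; a .pfx normally
#    carries the private key as well.
function Test-CertFileHasPrivateKey {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [System.Security.SecureString] $Password   # only needed for a protected .pfx
    )
    $full = (Resolve-Path -LiteralPath $Path).Path
    $type = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    if ($Password) {
        $cert = New-Object -TypeName $type -ArgumentList $full, $Password
    } else {
        $cert = New-Object -TypeName $type -ArgumentList $full
    }
    try {
        # True only when the file contained a private key for this certificate.
        return $cert.HasPrivateKey
    } finally {
        # Release the in-memory certificate handle.
        $cert.Reset()
    }
}

# Usage (placeholder path):
#   $pw = Read-Host -AsSecureString -Prompt 'PFX password'
#   Test-CertFileHasPrivateKey -Path 'C:\temp\wildcard.pfx' -Password $pw
```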