Private key missing while importing certificate from internal CA

Question

certificate expired in IIS My task to renew it

I created CSR using mmc and using IIS /create certificate request for my internal CA They released to me .cer file. but while I import it to mmc/Certificates/Personal/Certificates there is missing privite key.

And because of missing privite key my IIS server not accepting it. While I import cert dissapeares.

I tried to fix using certuitil -repairstore my xxx looking for some Smart Card not helped.

I even tried to create using openssl same issue no private key.

I already made crazy my CA with my unlimited CSR.

Where I'm doing wrong? Why there is missing private key even I do all operation on the same server Issue from my side or CA?

Instead of just importing the certificate you also need to link the private key. I don't know if MMC exposes an option to complete a request if you look in the "Requests" store, or if you have to use `certreq -accept`, or if there's yet a different graphical way these days. — bartonjs, May 22 '23 at 15:35
@bartonjs I did as u suggest, giving below error `Expected -user | -machine argument Certificate Request Processor: Cannot find object or property. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)` — Shukurillo Baikhanov, May 23 '23 at 03:34
This error(0x80092004 ) indicates that certreq was unable to find related request object in the Certificate Enrollment Requests node in the certificate store. About private key you can refer to: https://www.entrust.com/knowledgebase/ssl/what-are-the-steps-to-recover-the-private-key-of-an-ssl-certificate-in-an-iis-environment#:~:text=A%20missing%20private%20key%20could,Wizard%20rather%20than%20through%20IIS. When certificate was installed correctly but no private key, refer to the answer: https://stackoverflow.com/a/21009835/20058276. — TengFeiXie, May 23 '23 at 07:27

score 0 · Accepted Answer · answered May 23 '23 at 11:58

0

Funny, My CA incorreclty issued certificate. There was missing 3rd level, They was sending me chain cert, not actual cert.

I compared below

answered May 23 '23 at 11:58

Shukurillo Baikhanov

688
3
15

Private key missing while importing certificate from internal CA

1 Answers1