Assign Private Key to New Certificate
Recently our application team received certificate expiration alerts for their servers, so they planned to renew the certificates.
They asked their Certificate team to generate new certificates for the servers, and the new certificates were imported into the Certificate Store.
However, when they checked a new certificate, they found that it did not have a private key. Without the private key, their server applications cannot communicate with each other.
When they asked the Certificate team about this, they were told to assign the private key to the certificate manually.
The process is below:
1: Log on to the computer that issued the certificate request by using an account that has administrative permissions.
2: Open the Run command box, type MMC, and then click OK.
3: Click on File and select Add/Remove Snap-in…
4: Select Certificates, click the Add button, and click OK.
5: Select Computer account and click Next.
6: Select Local computer and click the Finish button.
7: Click OK to continue.
8: Double-click the new certificate that doesn’t have the key logo.
9: In the Certificate dialog box, click the Details tab.
10: Click Serial Number in the Field column of the Details tab, highlight the serial number, and then write down or copy the serial number.
11: Open Command Prompt as Administrator.
12: Type the command below:
certutil -repairstore my "SerialNumber"
SerialNumber is the serial number that you wrote down or copied in step 10.
The certutil -repairstore command should complete successfully.
13: In the Certificates snap-in, right-click Certificates, and then click Refresh.
The certificate now has an associated private key.
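A scripted version of steps 8 to 13 for an elevated PowerShell session, as an added example that is not part of the original post. The value of $serial is a placeholder to replace with the serial number from step 10, and the store path assumes the certificate was imported into the Local Computer Personal store, which is the store that "my" names in the certutil command.

```powershell
# Added example (not from the original post). Run as Administrator on the
# computer that issued the certificate request, because certutil -repairstore
# can only link a private key that already exists on this machine.
$storePath = 'Cert:\LocalMachine\My'   # assumption: Local Computer > Personal

# Steps 8-10: list certificates that have no private key (no key logo in MMC).
$candidates = @(Get-ChildItem -Path $storePath |
    Where-Object { -not $_.HasPrivateKey })
$candidates |
    Format-Table Subject, SerialNumber, NotAfter, Thumbprint -AutoSize |
    Out-Host

# Placeholder: paste the serial number of the renewed certificate here.
# Spaces copied from the Details tab are removed before comparing.
$serial = '<SerialNumber>' -replace '\s', ''

# Refuse to continue unless exactly one key-less certificate matches.
$target = @($candidates | Where-Object { $_.SerialNumber -eq $serial })
if ($target.Count -ne 1) {
    throw "Expected one certificate without a private key and serial $serial in $storePath, found $($target.Count)."
}
Write-Host "Repairing: $($target[0].Subject) (expires $($target[0].NotAfter))"

# Step 12: same command as in the procedure above.
certutil.exe -repairstore my $serial
if ($LASTEXITCODE -ne 0) {
    throw "certutil -repairstore failed with exit code $LASTEXITCODE."
}

# Step 13: re-read the store instead of refreshing the snap-in, and confirm
# that the certificate now reports an associated private key.
$repaired = Get-ChildItem -Path $storePath |
    Where-Object { $_.SerialNumber -eq $serial } |
    Select-Object -First 1
if ($repaired.HasPrivateKey) {
    Write-Host "Private key is now associated with $($repaired.Thumbprint)."
} else {
    throw "Certificate $serial still has no private key; the key may not exist on this computer."
}
```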