Error installing certificates with private keys

0

I got a PFX file with a private key (it was imported from another Windows installation and the button "Export Private Keys" was pressed). I installed it, and got the message that the import was succeful. When I see them in certmgr, I see the message

A system level error occurred while verifying trust

And no valid private key with a certificate.

Also this certificate has the "This certificate has an invalid digital signature." status.

What is a possible reason?

Dzmitry Lahoda

Posted 2011-07-12T12:26:55.767

Reputation: 181

Answers

1

"Verifying trust" could imply the certificate chain could not be validated due to an invalid signature (like a signature inside the certificate from the issuer).

It could simply referring to the signature from the issuing CA within the certificate itself could not be validated. (Perhaps the CA was revoked or CA keys may have expired and keys were renewed - but the CA's CN/DN remained the same.)

To check if it is a private key issue as you suspect, you could export the certificate alone and import the certificate without a private key and see if it still indicates an invalid signature - or if the certificate signature could not be validated.

I'd check that the issuing CA chains up to a trusted root certificate in LocalMachine|Trust store and all intermediate CA certs are present (Trust or CertificateAuthority store) and that all certificates are valid and that your certificate's AKI matches the issuing CA's SKI.

jets

Posted 2011-07-12T12:26:55.767

Reputation: 11

What is AKI and SKI? – Peter Mortensen – 2013-08-28T22:01:10.517

Asked: 2011-07-12T12:26:55.767

Viewed: 3 429 times

Active: 2013-08-28T22:00:53.440