PKI : Recover the certificate private key with Microsoft tools
If a certificate does not contain the private key, the following part will be blank:
Follow these steps to include the private key in the certificate file :
- Use the following steps to add the Certificates snap-in:
- Click Start, and then click Run.
- Type in mmc and click OK.
- From the File menu, choose Add/Remove Snap-in.
- In the new window that appears, click Add.
- Select Certificates and then click Add.
- Choose the Computer account option and click Next.
- Select Local Computer and then click Finish.
- Click Close, and then click OK. The snap-in for Certificates (Local Computer) appears in the console.
Import the Server Certificate
Use the following steps to import your Server Certificate into the Personal certificate store. (If the Server Certificate has already been imported into the Personal store, you may skip this step.)
From the MMC console opened in the above steps:
- Expand the Certificates (Local Computer) tree in the left preview panel.
- Right-click Personal and select All Tasks > Import.
- The Certificate Import Wizard appears. Click Next.
- Browse to the location of your Server Certificate file and click Next.
- Select Place all certificates in the following store and click Next.
- Click Finish to complete the Certificate Import Wizard.
- A dialog box appears indicating the import was successful. Click OK.
Recover the Private Key
Use the following steps to recover your private key using the certutil command.
- Locate your Server Certificate file (for example, server.cer) and double-click it. The Certificate dialog box appears.
- Click the Details tab. Write down the 8-character serial number of the certificate.
- Click Start > Run.
- Type cmd and click OK. A Command Prompt window opens.
- Enter the following command at the prompt:
certutil –repairstore my <serial number>
is the 8-character serial number obtained in Step 2 (spaces removed).
- If Windows is able to recover the private key, you see the following message:
CertUtil: -repairstore command completed successfully.
- If your private key was recovered successfully, your Server Certificate installation is complete.
- Active Directory
- Files and folders
- Operating System
- Service and process