Mark_Collinge
asked on
Cannot Install certificate into personal store
My client installed and uninstalled ARX Cryptokit. since then we cannot install personal cerificates. If I drag a certificate to the personal store in certmgr.msc, the certificate appears but if i quit and relaunch it has gone. XP SP3 IE7.
Have you tried creating a new windows profile to see if the behavior is consistent?
ASKER
I have. The account has admin rights, I have also tried local administrator account all the same...
Have you tried using the certificates snap-in from MMC instead of certmgr.msc? The template may be corrupt.
Also try copying the serial number from the details tab and do this from cmd:
certutil -user -addstore my "paste serial number"
Then check if its there:
certutil -user -store my "paste serial number"
You can try checking permissions here:
%userprofile%\Application Data\Microsoft\Crypto\RSA\ %SID%\
*note: view this in Explorer to see files, or use attrib command - just using dir probably isn't going to return anything. BE CAREFUL IN THIS DIRECTORY as it contains private keys. do not move or delete anything from here, just check permissions on the folder and each file. A shortcut way to check permissions is to select all and try opening in notepad - if any error out then focus on those for permissions.
Also try copying the serial number from the details tab and do this from cmd:
certutil -user -addstore my "paste serial number"
Then check if its there:
certutil -user -store my "paste serial number"
You can try checking permissions here:
%userprofile%\Application Data\Microsoft\Crypto\RSA\
*note: view this in Explorer to see files, or use attrib command - just using dir probably isn't going to return anything. BE CAREFUL IN THIS DIRECTORY as it contains private keys. do not move or delete anything from here, just check permissions on the folder and each file. A shortcut way to check permissions is to select all and try opening in notepad - if any error out then focus on those for permissions.
ASKER
Just tried all of the above. Except certutil as i think this is only available on server2003. no permission errors in %userprofile%\Application Data\Microsoft\Crypto\RSA\ %SID%\. Same problem in MMC as in certmgr.msc
You can get certutil for XP as part of the 2003 adminpak:
http://www.microsoft.com/downloads/en/details.aspx?familyid=9bfb44f5-232a-4fb5-bc14-45bfd81b7ac1&displaylang=en
Certutil is included with all server OS 2000 and later, for clients it started with Vista.
Also try checking the other cert stores like Other People and see if maybe it got moved to there for some reason.
Assuming you are at current service pack & patches. Does this occur on multiple boxes in your environment? I'm assuming this isn't a test box that you haven't already reimaged it yet.
http://www.microsoft.com/downloads/en/details.aspx?familyid=9bfb44f5-232a-4fb5-bc14-45bfd81b7ac1&displaylang=en
Certutil is included with all server OS 2000 and later, for clients it started with Vista.
Also try checking the other cert stores like Other People and see if maybe it got moved to there for some reason.
Assuming you are at current service pack & patches. Does this occur on multiple boxes in your environment? I'm assuming this isn't a test box that you haven't already reimaged it yet.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.