We help IT Professionals succeed at work.

Cannot import certificate as CSP

jimime
jimime asked
on
Working through an issue with Exchange 2013 and the looping ECP/OWA. Appears to be a results of the certificate not being imported properly.  After exporting with the private and attempting to import with:

certutil -csp "Microsoft RSA SChannel Cryptographic Provider" -importpfx <path_to_cert>

Results in an error:

CertUtil: -importPFX command FAILED: 0x80090029 (-2146893783)
CertUtil: The requested operation is not supported.
Comment
Watch Question

Exec Consultant
Distinguished Expert 2019
Commented:
You can check out this which stated
Cause for this issue was that there was additional permission for System on following folder: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.

After  removing the permissions the issue no longer exists and the certificate can be imported and OWA is not looping anymore.
https://anotherexchangeblog.wordpress.com/2015/11/25/cannot-import-certificate-with-certutil-the-requested-operation-is-not-supported/
btanExec Consultant
Distinguished Expert 2019

Commented:
The solution is provided as due to address the cause of permission issue.