none
Corrupt Certificate Store?

    Question

  • Hi,

    I have a user who has a strange issue with his Cert store. It only seems to be affecting his "personal" store. When inporting or creating a cert manually the certificate isn't staying in the store. It simply vanishes, not allowing anything to remain.It will create the key in C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\Keys, but the cert is nowhere to be seen. importing certs to other store works fine, it's just Personal.

    We eventually managed  to manually create the cert using the below command (same result for pfx and certs)

    Certutil –user –importpfx c:\temp\test.pfx

    This works, but when programs (in this case the user needs to use "Fiddler") try to create a cert, nothing is imported. This behaviour also occurs as another user logged on to the machine. all are local admins.

    I'm not massively confident with Cert Store, is there a quick way to repair or force permissions etc??

    (64bit, Win7 Enterprise)

    Thanks

    Monday, March 19, 2012 9:17 AM

All replies

  • "spudgun79" wrote in message news:8b787d1f-742a-46f1-9524-8e0707aa6820...

    Hi,

    I have a user who has a strange issue with his Cert store. It only seems to be affecting his "personal" store. When inporting or creating a cert manually the certificate isn't staying in the store. It simply vanishes, not allowing anything to remain.It will create the key in C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\Keys, but the cert is nowhere to be seen. importing certs to other store works fine, it's just Personal.

    We eventually managed  to manually create the cert using the below command (same result for pfx and certs)

    Certutil –user –importpfx c:\temp\test.pfx

    This works, but when programs (in this case the user needs to use "Fiddler") try to create a cert, nothing is imported. This behaviour also occurs as another user logged on to the machine. all are local admins.

    I'm not massively confident with Cert Store, is there a quick way to repair or force permissions etc??

    (64bit, Win7 Enterprise)

    Thanks

    Try checking the permissions on the folder.....
    I get
    icacls C:\Users\<username>\AppData\Roaming\Microsoft\Crypto
    C:\Users\<username>\AppData\Roaming\Microsoft\Crypto NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                                                       BUILTIN\Administrators:(I)(OI)(CI)(F)
                                                       NoelAsus-PC\NoelAsus:(I)(OI)(CI)(F)
    and
    icacls C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\Keys
     
    C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\Keys NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                                                            BUILTIN\Administrators:(I)(OI)(CI)(F)
                                                            NoelAsus-PC\NoelAsus:(I)(OI)(CI)(F)
     
     
    (but this in in a workgroup machine rather than a domain one)
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Monday, March 19, 2012 10:36 AM
  • all permissions are correct and as they should be.
    Friday, March 23, 2012 4:07 PM
  • This one's still an issue. if anyone has any ideas, would be greatly appreciated!
    Thursday, March 29, 2012 3:10 PM