Certificate Renewals RRS feed

  • Question


    I've got two certificates installed on a production isa 2006 server servicing a couple of thousand users.  I want to create renewal requests for them. 


    When I go to export them as a backup, the option to export the private
    key is greyed out. 


    When I go to the mmc and try and 'renew a certificate with the same key'
    I get the error: 'The selected certifcate has no private key.  The smart card resource
    manager is not running.


    I tried starting the smart card service in windows services but that had no effect.


    Since this is an ISA server it doesn't have a website to try from.


    When I try 'renew a certifcate with a different key' I get: 'This certifcate
    cannot be renewed because it does not contain enough information to generate
    a renewal request.


    I don't know what server the original cert was created on.


    Is there any way round this or do I have to request a new certifcate.

    And should I request a new cert with the same key or a different one?

    Thursday, May 22, 2008 10:41 AM


  • Hello,


    Private key can't be exported unless you specify "mark keys as exportable". And the permission on the certificate template determines whether you can mark key as exportable in the process of certificate request.


    You may check the certificate in the General tab whether you have a private key that corresponds to the certificate.


    This error message "This certificate cannot be renewed because it does not contain enough information to generate a renewal request" indicates that the certificate template did not require enough information from the user to properly submita renewal. You can have a try to renew the certificate via web enrollment page with PKCS.


    For your reference:


    Request Certificates


    Friday, June 6, 2008 10:14 AM