locked
Private Key is missing on Certificate in the Certificate Manager. RRS feed

  • Question

  • Good Day


    We have a problem where we encrypted files using EFS, however we can't access or decrypt these files now.

    We have the certificate in the certmgr.msc but we do see that the key is missing.


    I have reproduced this on another computer and was able to run certutil -repairstore -user MY "Serial Number" which worked in repairing the store and files was decryptable again.

    However on the machine that encrypted the files that we need to access this is not the case as there is a popup asking for your Smart Card.

    We are not using Smart Cards at all, and have had a look at the following article regarding this issue, but the hotfix didn't work: https://support.microsoft.com/en-us/kb/2955631


    I have software that can remove the encryption but will require the .pfx file, which can't be exported as the certstore doesn't show that it still has this.


    It is a self signed certificate generated by Windows, so I can't request a new one using the CA.

    Thanks for your help in advance.


    • Edited by Lamps02 Friday, August 12, 2016 10:44 AM Spelling mistake
    Friday, August 12, 2016 10:41 AM

Answers

  • Hi,

    I found an article may help you, please refer to the link:

    How to assign a private key to a new certificate after you use the Certificates snap-in to delete the original certificate in Internet Information Services

    https://support.microsoft.com/en-us/kb/889651

    Also you can check this article and see if it helps.

    http://www.entrust.net/knowledge-base/technote.cfm?tn=7905

    Please Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Tao


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, August 15, 2016 9:42 AM

All replies

  • Hi,

    I found an article may help you, please refer to the link:

    How to assign a private key to a new certificate after you use the Certificates snap-in to delete the original certificate in Internet Information Services

    https://support.microsoft.com/en-us/kb/889651

    Also you can check this article and see if it helps.

    http://www.entrust.net/knowledge-base/technote.cfm?tn=7905

    Please Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Tao


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, August 15, 2016 9:42 AM
  • Hi,

    We haven’t heard from you for a couple of days, have you solved the problem? How about the solution we have provided? We are looking forward to your good news.

    Best Regards,

    Tao


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, August 16, 2016 7:17 AM