certificate - Windows 7 keytool alternative
2014-04
Is there a key and certificate manager similar to keytool which I can use on Windows 7?
I'll be needing the key for generating signatures and using certificates to interact with a web service.
I tried the whole day just to import a certificate in Windows XP, but I always failed. I did following:
Create the certificate with private key (no password):
makecert -sr LocalMachine -ss My -pe -sky exchange -n "CN=TestCert" -a sha1 -sv TestCert.pvk TestCert.cer
Then put certificate and private key together into pfx file:
pvk2pfx.exe -pvk TestCert.pvk -spc TestCert.cer -pfx TestCert.pfx
Import pfx file with command line tool (German System):
winhttpcertcfg.exe -I TestCert.pfx -a NT-AUTORITÄT\NETZWERKDInternet ExplorerNST -c LOCAL_MACHINE\My Error: Unable to import contents of PFX file. Please make sure the filename and path, as well as the password, are correct.
Hint: "NT-AUTORITÄT\NETZWERKDInternet ExplorerNST" --> "NT-AUTHORITY\NETWORKSERVICE"
Filename is ok, password was not set. Even if I set the password (e.g. "MyPassword") in Step 1 and type at the end of step 3:... -p MyPassword
I got the same error. Then I tried to import in the certificate console (mmc with certificate snap-in). There I got following error: "Der private Schlüssel, den Sie importieren, erfordert möglicherweise einen Dienstanbieter, der nicht installiert ist." --> "The imported private key may requires a service-supplier which is not installed". But the Microsoft Crypto-Service is up and running.
What else can I do?
On Windows Vista and Windows 7, I got this running without these problems.
I need this Certificate to run a WCF Service.
meanwhile I found the reason for the Problem. Some days before trying to import certificates with private keys, I changed the directory access rights of the location where the private keys are stored. I did following:
cacls "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\MachineKeys" /E /G "NT-AUTORITÄT\NETZWERKDIENST":R
After that I was no longer able to import certificates containing private keys. As soon as I revoked this particular access right the import of certificates worked well.
I do not understand, why adding an access right will result in practically less access right.
However, I hope this may help someone of you running into same problem.