certificate - Windows 7 keytool alternative

06
2014-04
  • Isaac Kleinman

    Is there a key and certificate manager similar to keytool which I can use on Windows 7?

    I'll be needing the key for generating signatures and using certificates to interact with a web service.

    • Answers
    Know someone who can answer? Share a link to this question via email, Google+, Twitter, or Facebook.

    Related Question

    HowTo import Certificate (pfx) with private key in Windows XP
  • Questioner

    I tried the whole day just to import a certificate in Windows XP, but I always failed. I did following:

    1. Create the certificate with private key (no password):

      makecert -sr LocalMachine -ss My -pe -sky exchange -n "CN=TestCert" -a sha1 -sv TestCert.pvk TestCert.cer

    2. Then put certificate and private key together into pfx file:

      pvk2pfx.exe -pvk TestCert.pvk -spc TestCert.cer -pfx TestCert.pfx

    3. Import pfx file with command line tool (German System):

      winhttpcertcfg.exe -I TestCert.pfx -a NT-AUTORITÄT\NETZWERKDInternet ExplorerNST -c LOCAL_MACHINE\My
Error:  Unable to import contents of PFX file.
    Please make sure the filename and path,
    as well as the password, are correct.

      Hint: "NT-AUTORITÄT\NETZWERKDInternet ExplorerNST" --> "NT-AUTHORITY\NETWORKSERVICE"
      Filename is ok, password was not set. Even if I set the password (e.g. "MyPassword") in Step 1 and type at the end of step 3:

      ... -p MyPassword

    I got the same error. Then I tried to import in the certificate console (mmc with certificate snap-in). There I got following error: "Der private Schlüssel, den Sie importieren, erfordert möglicherweise einen Dienstanbieter, der nicht installiert ist." --> "The imported private key may requires a service-supplier which is not installed". But the Microsoft Crypto-Service is up and running.

    What else can I do?
    On Windows Vista and Windows 7, I got this running without these problems.
    I need this Certificate to run a WCF Service.


    • Related Answers
  • studiohack

    meanwhile I found the reason for the Problem. Some days before trying to import certificates with private keys, I changed the directory access rights of the location where the private keys are stored. I did following:

    cacls "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\MachineKeys" /E /G "NT-AUTORITÄT\NETZWERKDIENST":R

    After that I was no longer able to import certificates containing private keys. As soon as I revoked this particular access right the import of certificates worked well.

    I do not understand, why adding an access right will result in practically less access right.

    However, I hope this may help someone of you running into same problem.