I work in a company with many servers and PCs for developers. The servers are Win2003; the developer PCs are Windows XP.

On a Win2003 server named preiis01, in the preproduction environment, other people in the company installed a client certificate using another user (unknown to me) to log in to server preiis01.

I use my user "domainCompany\myuser" to log in to server preiis01 (using Terminal Server, Remote Desktop for Windows XP).

On preiis01,

I execute mmc -> Snap-in -> Certificates for Local Machine. In node -> Personal -> Certificates, I have seen the client certificate:

Issued To ENTIDAD COMPANY SEGUROS GENERALES SA - CIF A93 - NOMBRE SURNAME1 NAME1

Issued By FNMT Clase 2 CA

In the properties of the certificate, I have seen the thumbprint: "93 bc a4 ad 58 c9 3c af 8b eb 0b 2f 86 c7 9d 81 70 a6 c4 13"

Now, I execute these commands:

1.) FindPrivateKey My LocalMachine -n "CN=ENTIDAD COMPANY SEGUROS GENERALES SA - CIF A93 - NOMBRE SURNAME1 NAME1" -a

and I get this error:

FindPrivateKey failed for the following reason: No certificates with key 'CN=ENTIDAD COMPANY SEGUROS GENERALES SA - CIF A93 - NOMBRE SURNAME1 NAME1' found in the store.

2.) FindPrivateKey My LocalMachine -t "93 bc a4 ad 58 c9 3c af 8b eb 0b 2f 86 c7 9d 81 70 a6 c4 13" –c

and I get this:

*FindPrivateKey helps user to find the location of the Private Key file of a X.509 Certificate.

Usage: FindPrivateKey [{ {-n <subjectName>} | {-t <thumbprint>} } [-f | -d | -a]]

   <subjectName> subject name of the certificate

   <thumbprint>  thumbprint of the certificate (use certmgr.exe to get it)

   -f            output file name only

   -d            output directory only

   -a            output absolute file name

e.g. FindPrivateKey My CurrentUser -n "CN=John Doe"

e.g. FindPrivateKey My LocalMachine -t "03 33 98 63 d0 47 e7 48 71 33 62 64 76 5c 4c 9d 42 1d 6b 52" -c*

3.) winhttpcertcfg.exe -l -c LOCAL_MACHINE\My -s "ENTIDAD COMPANY SEGUROS GENERALES SA - CIF A93 - NOMBRE SURNAME1 NAME1"

and I get this error:

Microsoft (R) WinHTTP Certificate Configuration Tool Copyright (C) Microsoft Corporation 2001. Matching certificate:

CN=ENTIDAD COMPANY SEGUROS GENERALES SA - CIF A93 - NOMBRE SURNAME1 NAME1

OU=703015476

OU=FNMT Clase 2 CA

O=FNMT

C=ES

Error:

Access was not successfully obtained for the private key. This can only be done by the user who installed the certificate.

Access was not successfully obtained for the private key.

Any suggestions?

Updated: by Marcel Roma (social msdn forums)

Most likely the certificate was installed by some other person in your company (e.g. administrator). Only that person has access to the private key of the certificate. Download the FindPrivateKey tool, ask the administrator to execute it to find out the directory where the private key file was saved, and let him set the needed rights so that the process can access the file.

There are also some reports about Windows XP failing to extract the private key from the file due to encoding issues:

http://blogs.msdn.com/b/alejacma/archive/2010/01/11/winhttpcertcfg-tool-cannot-access-private-key-of-a-certificate.aspx

+1  A: 

Log in as the user that installed the certificate (or a local administrator). Launch the FindPrivateKey tool. Go to the security pane and add your own user to the list. You can now log in as yourself and control the certificate's private key.

klausbyskov
FindPrivateKey will open the file property dialog when it finds the certificate.
klausbyskov
My fight continues: http://stackoverflow.com/questions/3936065/certificates-cannot-find-the-certificate-and-private-key-for-decryption-error-wh ; FindPrivateKey doesn't get anything, but winhttpcertcfg.exe -l works fine (matching certificate)
alhambraeidos
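
The procedure the answer describes (locate the key file, inspect who can read it, grant one account access), as an added PowerShell example that is not part of the original thread. It assumes PowerShell is available on the server, that the key is an RSA key held by a CryptoAPI provider, and that it is run by the installing user or a local administrator; the thumbprint and account name are the ones from the question.

```powershell
# Added example: find the private key file behind a LocalMachine\My certificate,
# show its ACL, and optionally grant one account read access (least privilege).
param(
    [string]$Thumbprint = '93 bc a4 ad 58 c9 3c af 8b eb 0b 2f 86 c7 9d 81 70 a6 c4 13',  # from the question
    [string]$Account    = 'domainCompany\myuser',                                          # from the question
    [switch]$Grant
)

# Thumbprints copied from the MMC dialog contain spaces (and sometimes invisible
# characters); keep only the hex digits so the store lookup compares exactly.
$tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $tp }
if (-not $cert) { throw "No certificate with thumbprint $tp in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate has no associated private key" }

# Assumption: CryptoAPI (CSP) key. Reading PrivateKey fails for callers that
# cannot open the key, which is why the installing user or an admin must run this.
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
if (-not $container) { throw "Key is not exposed through a CSP key container" }

# Machine key directory: Windows 2003/XP layout first, then Vista and later.
$dirs = @(
    (Join-Path $env:ALLUSERSPROFILE 'Application Data\Microsoft\Crypto\RSA\MachineKeys'),
    (Join-Path $env:ALLUSERSPROFILE 'Microsoft\Crypto\RSA\MachineKeys')
)
$keyFile = $dirs | ForEach-Object { Join-Path $_ $container } |
    Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key container file $container not found" }

"Private key file: $keyFile"
$acl = Get-Acl $keyFile
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

if ($Grant) {
    # Read is enough for a process to use the key; avoid granting Full Control.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    "Granted Read on the key file to $Account"
}
```

Run it without `-Grant` first to review the current ACL, and grant access only to the account that the consuming process actually runs as.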