Error commands

This error refers to IIS 7 server and usually it can be a result of placing the certificate in the wrong certificate store or forgetting where it places the private key. Remember that only certificates that are stored in the Personal Section of the Local Computer can be used in IIS.

I. Repair a damaged certificate

1. Open up cmd.exe
2. Type: certutil -repairstore my "THUMBPRINT/SERIALNUMBER"
3. Go back into the IIS Manager and re-edit the bindings for this site.

II. Restore Certificate to the Local Computer Store

1. Open the Certificate Snap-In from within the MMC (Microsoft Management Console); Start -> Run -> Type "mmc" -> File -> Add/Remove Snap-in -> Add -> Certificates
2. Add Current User account: My User Account -> Finish.
3. Add Local Computer account: Computer account -> Local Computer -> Finish.
4. Close Add Standalone Snap-in.
5. Click Ok.
6. In a new window drag the certificate that will not install, out of the Other People store and drop it under the Local Computer -> Personal -> Certificates.
7. Open up a command prompt: Start -> Run -> Type cmd.
8. Type: certutil -repairstore my "THUMBPRINT_OF_CERTIFICATE" (with quotes)
9. You should now have the private key back on the certificate so now open up IIS and assign it to your website.

This means that you have tried to obtain your Code Signing certificate using the Google Chrome browser.

At this present time Google Chrome does not support chained certificate enrollment and you can not use another browser to collect this certificate because the private key was generated with Chrome and you must start the process from the beginning again using another browser such as Mozilla Firefox or Microsoft Internet Explorer.

You have a private key that corresponds to this certificate but CryptAcQuireCertificatePrivateKey failed'

1. Set the correct permission for Machinekey folder C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
2. Add administrator and system Full Control Permissions.
3. Restart IIS.

There are two possible causes for this error:

1. No root certificate for Keytool to chain to.
Note: Keytool relies on a root certificates in order to install the certificate.

2. Error occurs because the JDK keystore is very particular about the format of the Certificate.
This error is related to the format the certificate has been downloaded in. Please make sure you download the (default) PKCS#7 which contains a complete certificate chain and which includes your certificate, as well as the Signer's certificate (Root CA certificate).

It is not error, it says that you can not open a file. To view the file, change the extension from .cer to .p7b, save and open.

This error usually means that the system has a flawed implementation of SSL and is violating the SSL specification.

If you are using Apache 2 make sure that in the ports.conf file is:
 - Clip -
Listen 80
Listen 443 https
- Clip -
The https after the 443 tells the server to use SSL protocol.

When the CSR is generated with a key size smaller than 2048-bit, you will see errors: Your RSA key is too small! or This CSR uses an unsupported key size. To resolve it please regenerate CSR with key size of at least 2048-bit.

Usually this error (Cannot import a certificate with a thumbprint of XXXXXXXXXXXXXX) displays when the certificate has been already installed on the server.

If it is and you are trying to enable services on the server for this certificate, you can use a command:
Enable-ExchangeCertificate -Thumbprint [THUMBPRINT] -Services "POP, IMAP, IIS, SMTP" Note: replace [THUMBPRINT] with the correct thumbprint.

If the certificate is installed correctly and the error is displaying remove the product with Thumbprint in the error massage.