Private Key Missing When Importing Certificate

Sometimes when a certificate is imported, the associated private key is missing. This can occur for a number of reasons, for example when it is imported through the MMC Certificates console while the pending request is in Exchange/IIS.

Often this will result in an error when enabling the certificate within Exchange:

Enable-ExchangeCertificate : The certificate with thumbprint was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing).

The fix is simple: find the serial number of the certificate and run the following command:

certutil -repairstore my "SerialNumber"

There is a bug in Windows 8.1 and Server 2012 R2 where running certutil will prompt for credentials but will only allow SmartCard Authentication. Microsoft have released a hotfix which is available from here.
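
The steps above as a PowerShell script, added here as an example and not part of the original post: it lists certificates without a private key, looks up the serial number for a given thumbprint, runs the repair and checks the result. It assumes the certificate is in the local computer's Personal (My) store and that the session is elevated; the parameter name Thumbprint is this example's own.

```powershell
# Added example. Pass the thumbprint reported by Enable-ExchangeCertificate.
param(
    [Parameter(Mandatory = $true)]
    [string]$Thumbprint
)

$store = 'Cert:\LocalMachine\My'

# 1. Show every certificate in the store that has no linked private key,
#    with the serial number certutil needs.
Get-ChildItem -Path $store |
    Where-Object { -not $_.HasPrivateKey } |
    Format-Table Subject, Thumbprint, SerialNumber, NotAfter -AutoSize |
    Out-Host

# 2. Normalise the thumbprint. Values copied from the MMC details pane often
#    carry spaces or an invisible leading character, so keep hex digits only.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
$cert  = Get-ChildItem -Path $store | Where-Object { $_.Thumbprint -eq $clean }
if (-not $cert) {
    throw "No certificate with thumbprint $clean found in $store."
}
if ($cert.HasPrivateKey) {
    Write-Output "Certificate $clean already has a private key; nothing to repair."
    return
}

# 3. Run the repair from the post, using the serial number read from the store.
#    This only succeeds if the key still exists on this machine, which is the
#    case when the request was generated here.
& certutil.exe -repairstore my $cert.SerialNumber
if ($LASTEXITCODE -ne 0) {
    throw "certutil -repairstore failed with exit code $LASTEXITCODE."
}

# 4. Re-read the certificate and confirm the key is now linked before
#    retrying Enable-ExchangeCertificate.
$cert = Get-Item -Path "$store\$clean"
if ($cert.HasPrivateKey) {
    Write-Output "Private key linked for serial $($cert.SerialNumber)."
} else {
    Write-Warning "certutil completed but HasPrivateKey is still false for $clean."
}
```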

