Certificate properties are overwritten when you import a certificate and the key pair is unavailable to the newly-imported certificate (842215)


The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server

SYMPTOMS

When you use the Microsoft Certificate Import Wizard to import either a certificate (.cer) file or a key and certificate (.pfx) file to a certificate store, both of the following symptoms may occur:
  • The original certificate properties are replaced with the properties of the newly-imported certificate.
  • The newly-imported certificate has two key pairs that are associated with it. However, the original key pair that was associated with the original certificate is unavailable to the newly-imported certificate. Therefore, the original key pair for the user profile becomes orphaned.
Note These symptoms only occur if the following conditions are true:
  • The user is using the same user profile and computer where the certificate was originally imported.
  • The certificate is re-imported to a store where the same certificate already exists.

CAUSE

The problem occurs because the certificate import operation overwrites the existing certificate and creates a new key store.

MORE INFORMATION

When this problem occurs, the imported certificate overwrites the properties of the existing certificate. The certificate properties that may be overwritten include the level of protection and export support.

The key pair is not overwritten. A new key pair store is created every time a certificate is re-imported. However, when this problem occurs the original keys become detached or orphaned from the certificate.

Note This problem may also occur if roaming profiles are used. A certificate import on one computer overwrites the certificate properties on all computers that are used by the roaming profile.

For more information about how to import a certificate, visit the following Microsoft Web site:

http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/WINDOWSXP/home/using/productdoc/en/sag_CMprocsImport.asp

For more information about importing and exporting certificates, visit the following Microsoft Web site:

http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/WINDOWSXP/home/using/productdoc/en/sag_CMimportExport.asp

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Modification Type:MinorLast Reviewed:10/13/2004
Keywords:kbwinservds kbActiveDirectory kbtshoot kbprb KB842215 kbAudITPRO kbAudEndUser
©2004 Microsoft Corporation. All rights reserved.