Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Internal error when importing pfx certificate

1,773 views
Skip to first unread message

sephilpot

unread,
Jan 2, 2009, 5:11:45 PM1/2/09
to
Hello. I am trying to use the wizard through Internet Explorer to
import a certificate that I need for my business. I have previously
imported certificates from the same people but for some reason this
one will not install. I keep getting the following error:

"An internal error occurred. The private key that you are importing
might require a cryptographic service provider that is not installed
on your system."

Here are some other important pieces of information:

*I currently have the certificate saved in "My Documents".
*I can get this same certificate to install on another computer.
*The file extension for this certificate is .p12.
*I am using Windows XP Home Edition, Service Pack 2, Version 2002.
*I am using Internet Explorer 7, Version 7.0.5730.
*I have changed permissions to the Crypto folder and all subfolders so
that every option has "Full Control". (I found this in another post.)
*Also in another post, I found where I should delete 2 third-party
registry subkeys if they existed but they do not.

I do not know what other information needs to be provided but if you
need anything else please let me know. I greatly appreciate any help
as I would love to get this resolved!

Thanks!

Brian Komar (MVP)

unread,
Jan 2, 2009, 5:57:57 PM1/2/09
to
Do you know what CSP the people used to create the certificate and private
key.
The error is stating that the computer you are attempting the installation
on does not have the CSP used to create and protect the private key
material.
Brian

"sephilpot" <seph...@yahoo.com> wrote in message
news:1a9b62aa-ec40-40f2...@s1g2000prg.googlegroups.com...

sephilpot

unread,
Jan 30, 2009, 10:23:46 AM1/30/09
to
On Jan 2, 5:57 pm, "Brian Komar \(MVP\)"

<brian.ko...@nospam.identit.ca> wrote:
> Do you know what CSP the people used to create the certificate and private
> key.
> The error is stating that the computer you are attempting the installation
> on does not have the CSP used to create and protect the private key
> material.
> Brian
>
> "sephilpot" <sephil...@yahoo.com> wrote in message

>
> news:1a9b62aa-ec40-40f2...@s1g2000prg.googlegroups.com...
>
>
>
> > Hello.  I am trying to use the wizard through Internet Explorer to
> > import a certificate that I need for my business.  I have previously
> > imported certificates from the same people but for some reason this
> > one will not install.  I keep getting the following error:
>
> > "An internal error occurred.  The private key that you are importing
> > might require a cryptographic service provider that is not installed
> > on your system."
>
> > Here are some other important pieces of information:
>
> > *I currently have the certificate saved in "My Documents".
> > *I can get this same certificate to install on another computer.
> > *The file extension for this certificate is .p12.
> > *I am using Windows XP Home Edition, Service Pack 2, Version 2002.
> > *I am using Internet Explorer 7, Version 7.0.5730.
> > *I have changed permissions to the Crypto folder and all subfolders so
> > that every option has "Full Control".  (I found this in another post.)
> > *Also in another post, I found where I should delete 2 third-party
> > registry subkeys if they existed but they do not.
>
> > I do not know what other information needs to be provided but if you
> > need anything else please let me know.  I greatly appreciate any help
> > as I would love to get this resolved!
>
> > Thanks!- Hide quoted text -
>
> - Show quoted text -

Hi Brian

No I do not know what they used. I can tell you that this company has
sent certificates before. They send them every year or two years
because they expire. How do I go about finding that out or what
should I do next?

Sue Ellen

Joe Kaplan

unread,
Jan 30, 2009, 12:17:57 PM1/30/09
to
I had this problem once before with a P12 file that had been
programmatically generated by a tool that was a little buggy. I used
openssl to examine the p12 and verify it and discovered that the p12 private
key data did not match the public key in the certificate. We never figured
out how this happened except that the tool that generated the p12 was hosed.

The useful thing was that openssl provided more detailed information as to
the nature of the corruption than the Windows crypto shell extensions did.

If there is only something slightly wrong with the P12, you may be able to
use openssl to export the individual parts into separate files and rebuild
the p12 correctly as well. It would depend on what's wrong.

Best of luck!

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net


"sephilpot" <seph...@yahoo.com> wrote in message

news:000f1ad3-1a9e-4594...@t26g2000prh.googlegroups.com...

Rudolf Kaertner

unread,
Feb 11, 2009, 4:48:10 AM2/11/09
to
not having Write-permission on the crypto-RSA-MachineKeys folder
leads to the very same error-message for standard User-certificates

Rudolf Kaertner

"Joe Kaplan" <joseph....@removethis.accenture.com> schrieb im
Newsbeitrag news:OrcYy6vg...@TK2MSFTNGP02.phx.gbl...

0 new messages