Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Keyset does not exist problem.. seems common on the web - but have never seen a solution....

852 views
Skip to first unread message

Jediah L.

unread,
Apr 27, 2009, 10:48:12 AM4/27/09
to
Hello!

I'm trying to use the certreq to create a renewal for an existing
certificate. I have the certificate and it's private key installed in both
the Local Machine | MY, and the Current User | My store. I've tried both
with the key being exportable and not exportable, and have tried with it in
only one of the two stores - but neither has worked...

I create the renewal.inf (below) and I run the command "certreq -new
renewal.inf renewal.req" and it then shows the certificate prompt where I
can choose the certificate that was found using the RenewalCert hash; after
hitting ok; I receive the following errors (I have a checked/debug build of
the certreq for troubleshooting purposes)..

certreq.exe: 5.2.3790.0 retail (srv03_rtm.030324-2048)
1401.6158.0: 0x80090016 (-2146893802)
1401.6952.0: 0x80090016 (-2146893802)
1401.7080.0: 0x80090016 (-2146893802)
Certificate Request Processor: Keyset does not exist 0x80090016
(-2146893802)
[RequestAttributes]


In essence, the error is: "Keyset does not exist 0x80090016".

Because there is a [RequestAttributes] in the error message, I've tried
removing the RequestAttributes and supplying the value in -attrib, I've
tried just not supplying a value for the template type; I've tried removing
various request attributes like the Key Length and the KeySpec,
MachineKeySet, KeyUsage, SMIME, and nothing is working...


[Version]
Signature = $Windows NT$

[NewRequest]
KeyLength = 1024
KeySpec = 1
MachineKeySet = True
KeyUsage= 0xA0
SMIME = False
UseExistingKeySet = True
RenewalCert = 06200DB36C...[REMOVED]...CE9E73AD052D9

[RequestAttributes]
CertificateTemplate = "ApplicationAuthentication"


Any help would be appreciated!

Jediah L.

Jediah L.

unread,
Apr 27, 2009, 11:08:17 AM4/27/09
to
Ok, so I found that there is a parameter KeyContainer that must be set if
you use the UseExistingKeySet parameter - for some reason though; I've found
that in my paticular case, if I run the certreq command as a domain admin
(who has local admin rights to the machine) it's failing, but if I run the
command as a local admin - the command was successful.

Jediah L.


"Jediah L." <ri...@nospam.nospam> wrote in message
news:eastxc0x...@TK2MSFTNGP04.phx.gbl...

0 new messages