Skip to main content
Nintex Community Menu Bar
Knowledge Base

Reattach Private Key to SSL Certificate

  • December 22, 2023
  • 0 replies
  • 1116 views
  • Translate
A
Nintex Employee
Forum|alt.badge.img

Topic

You may be looking to renew an expiring certificate in RPA. However, when renewing a certificate, SSL providers will often reuse the original CSR submitted for old certificate to generate the new one. When the replacement certificate is added to Windows, the private key will not be linked to it and the certificate cannot be used with Nintex.
image.png

The image above shows two certificates in Windows Certificate Manager. One with and one without a private key. The one without a private key is the one without the yellow key icon.

Reminder: the private key is always stored in Windows and is never transmitted to the SSL provider. Therefore, they will not be able to provide it to you.

We can link the existing private key to the new certificate by following the steps below.


Instructions 

Install The New Certificate

  • Import the new certificate into Windows by right-clicking the certificate and clicking Install Certificate.

  • Choose Local Machine.

  • Click Next.

  • Select Place all certificates in the following store.

  • Click Browse.

  • Choose Personal.

  • Click OK.

  • Click Next.

  • Click Finish.

  • You will see a popup stating “The import was successful”.

  • Close the popup.

Open Certificate Manager

  • Press Win+R.

  • Type “mmc”.

  • Press enter.

  • Click File > Add/Remove Snap In…

  • On the left select Certificates.

  • Press Add.

  • Select Computer Account.

  • Click Next.

  • Click Finish.

  • Click OK.

  • On the left expand Console Root > Certificates (Local Computer) > Personal > Certificates.

  • You will see the certificate you imported but the icon will not have a yellow key icon next to it.

As long as the old certificate was installed on the same system, and even if you have already deleted it, the private key will be available (but hidden).

  • Double-click the new certificate.

  • Click Details.

  • Find the Serial number field and manually type the value to Notepad, without the spaces between the numbers.

The reason you have to manually type and copy the value is because there are hidden illegal characters displayed which will also be copied with a copy/paste operation.

  • Open a command prompt in administrator mode.

  • Run the following command:



certutil -repairstore my "Serialnumber"

For example:



certutil -repairstore my "0089376d972c2be002"

  • You should see the details of the certificate and a final line stating “CertUtil: -repairstore command completed successfully.“.

  • Return to Certificate Manager and refresh the window. You will now see that your new certificate has a key icon next to it.

 


    Did this topic help you find an answer to your question?

    0 replies

    Be the first to reply!

    Reply


    Sidebar Buttons
    Nintex Community Home Contact Nintex Support Email Nintex Community Check Nintex Status
    Terms & ConditionsCookie Settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie Settings