D
Dieter Tontsch, mobileX
I have set up Key Recovery Agent for our autoenrolled email signing/encryption certificates issued by our own PKI. Everything works fine so far, I have already recovered a few keys meanwhile.
Now I have migrated my PKI and have issues to recover my keys solely on the PKI serve ritself, other servers, even my client pc, which ovbiusly have the KRA key installed, can do so, but not the PKI server.
If i run the follwing command I get this error:
certutil -getkey 3e00002d6f98cac52b8ad3d637000100002d6f C:\issuingCA\privkeys_recovery\test-private-key.key
Recovery blobs retrieved: 0
CertUtil: -GetKey command FAILED: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)
CertUtil: The requested property value is empty.
As I said, I only have issues on the new PKI server itself. It works on another server with the same Domain Administrator Account, even on my PC wmith my Account which is also allowed to do so.
kind regards,
Dieter
Continue reading...
Now I have migrated my PKI and have issues to recover my keys solely on the PKI serve ritself, other servers, even my client pc, which ovbiusly have the KRA key installed, can do so, but not the PKI server.
If i run the follwing command I get this error:
certutil -getkey 3e00002d6f98cac52b8ad3d637000100002d6f C:\issuingCA\privkeys_recovery\test-private-key.key
Recovery blobs retrieved: 0
CertUtil: -GetKey command FAILED: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)
CertUtil: The requested property value is empty.
As I said, I only have issues on the new PKI server itself. It works on another server with the same Domain Administrator Account, even on my PC wmith my Account which is also allowed to do so.
kind regards,
Dieter
Continue reading...