Install certificare : recover "PRIVATE KEY"

Similar Messages

• Recovering Private Key Password

  I have a customer who is trying to load a private key from a file but can not remember the Private Key password. Does anyone have an idea of what the best way to recover this would be if its possible?

  this is not possible since this is the most important part of the security protocol.
  You have to created a new key and get a new certificate.
  Regards,
  Gilles.

• How to install PEM-format SSL private key from weblogic to NES

  I have unexpired PEM-format certificates in my weblogic 8.1sp4 domain. Since the architecture requires us to use Iplanet 6.0sp2 as the http/https server, we have to move the certificates to iplanet side. Is that possible ? Especially the private key ? Iplanet has key8.db format files. How do I install a PEM key in iplanet and store it in key3.db file ? Thanks !

  Hi
  I've already found code to answer my second question, but my first question still remains, is there a way that I can change a Encrypted Private Key Info for PEM to DER format??? I tried to delete the header and footer of some key in PEM format and Base64 decode the body, but It launches a Exception when I'm trying to create the EncryptedPrivateKeyInfo object.
  Thank you

• Installing Domain Controller certificates remotely - private key remains on local server!

  Using a 3rd party CA (Entrust), I have successfully requested and installed Domain Controller certificates via the Certificates MMC snap-in.
  I did this from one Domain Controller, and then just used the (right click) "Connect to another computer" option to do the rest.  Everything looks absolutely fine, the certificates look ok.... certificate chain is complete, and valid (all
  CA certs are installed) and the certificates say "You have the private key that corresponds to this certificate".
  If I do a LDAPS bind using LDP.exe, it works fine on the first DC.
  Do this on the next and I get the error:
  Cannot open connection
  Error 81 = ldap_connect(hLdap, NULL);
  Server error: <empty>
  Error <0x51>: Fail to connect to DCHostname.
  After some checking I looked in the folder C:\ProgramData\Microsoft\Crypto\Keys
  This contains a lot of files on the DC I was logged onto when installing the certs, and no files on any of the other DCs.  I am guessing this is the private key file and it has stored all of them on the local machine I was running MMC from rather than
  on the machines I connected to from MMC.
  Is there any way to get these keys onto the correct DCs now - or will I have to re-request all of the others.  The private key was not exportable.
  I figured copying and pasting them was probably not going to work with a private key, but I tried it anyway just to be sure!
  It is pretty annoying as no clue was given during the process of requesting and installing the certificates, and there is no error when you look at the certificate - they all think they have the private key associated to them, even though it rather looks
  like they don't!
  It's a bit painful requesting certificates here, so any help in avoiding this would be appreciated!  Thank you

  Thank you Elke,
  So I copied the key files across from the server where they were all generated to the server I remotely connected to (which had no key files at all).  Copied all just to be sure, though I’m
  pretty sure which one actually relates to that server as I did them all in order - reflected by the time stamps.
  Ensured all the permissions were the same, and that they were marked as ‘system’ files.
  Ran the command
  certutil -repairstore my [SerialNumber of cert]as
  you suggested, but no luck unfortunately.
  So firstly, I get the same error message:
  Cannot find the certificate and private key for decryption.
  CertUtil: -repairstore command FAILED: 0x80090010 (-2146893808)
  And then I get:
  CertUtil: Access denied.
  Not sure why the access denied, I am running elevated with full local and domain administration rights.
  Toby

• Deleted the public/private keys installed by iPCU & untrusted the certs

  Hi;
  it's early in the morning and i couldn't quite figure what was going on
  when:
  - new public and private keys "appeared" in keychain
  - a certificate was installed almost as soon as a plugged
  an iphone in while running iPhone Config Util (iPCU i now
  realize)
  From the console:
  Tue Jun 30 02:39:45 unknown mcmobiletunnel[363] <Warning>: added object <NSCFType: 0x1073d0> to keychain as iPCUHost-D3FA2B23-E0D0-4C42-A48B-DFXXXXXXXX-HostCert success 1 error 0
  What it looks like is on connecting the iPhone "phoned home" and snagged a certificate and public and private keys to install on my MacBook Pro.
  I deleted these not realizing who iPCUHost was (an earlier cert was marked as untrusted on a pass trhough my certs earlier).
  OK: so *how* do i recreate the public/private keys? the Certificates in Keychain?
  Tried: downloading and re-installing iPCU
  Tried: Time Machine to earlier version if iPCU & using Software update to Update.
  This is where things look unhappy in the iPCU console:
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: received request 4: (\n RequestType\n), keys {\n RequestType = GetProfileList;\n}
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: processing request 4: ((\n RequestType\n))
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: sending reply {\n OrderedIdentifiers = (\n );\n ProfileManifest = {\n };\n ProfileMetadata = {\n };\n Status = Acknowledged;\n}
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Error>: receive_message: Could not receive size of message: 0 Operation not permitted
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: received request 4: (null), keys (null)
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Error>: main: Could not receive request from host.
  Tue Jun 30 03:48:21 unknown /usr/libexec/notification_proxy[426] <Error>: Could not receive size of message
  Tue Jun 30 03:48:21 unknown /usr/libexec/notification_proxy[426] <Error>: Could not receive message
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: received request 4: (\n RequestType\n), keys {\n RequestType = GetProfileList;\n}
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: processing request 4: ((\n RequestType\n))
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: sending reply {\n OrderedIdentifiers = (\n );\n ProfileManifest = {\n };\n ProfileMetadata = {\n };\n Status = Acknowledged;\n}
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Error>: receive_message: Could not receive size of message: 0 Operation not permitted
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: received request 4: (null), keys (null)
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Error>: main: Could not receive request from host.
  Thx
  Jim

  I'm in the same situation here. While trying out the iPCU, I noticed my test devices were showing up with a certificate of "iPCUHost...". I was hoping to replace this default cert with one from our own CA, and in the process of messing around I tried deleting all of those certs from my Keychain. They deleted just fine, and after a sync the cert also disappeared from the connected iPhone. Unfortunately, there is no obvious way to replace that cert and as of now, I cannot install any profile to the device that has had the cert removed. If I select the device and click "Install" on a profile, nothing happens... no errors, no console messages, it just does nothing.
  I'm not quite sure how to replace the missing cert, and in particular how to replace it with one of our own rather than the default. Surely we don't have to actually develop a web service just to install certs... (see page 21 of the Enterprise Deployment Guide)
  -mike

• Exporting SSL Private Key

  In the midst of an apocalyptic SSL install in 10.4 server. Currently, I am trying to install a wildcard cert via Server Admin, which may have been a mistake. After smashing my head for a week, I tried a new tack and rebuilt the system keychain and attempted to install the certificate; this failed at the level of Server Admin. However, in Keychain Access I am showing the SSL cert, public and private keys, and the CA's cert, all valid.
  Since I know of no other way to do get KA talking to SA so that I can actually use this certificate, I am trying to export the valid certs and keys to import. My problem is this, the certs and public key export fine, the private key fails returning an error of Unable to Export CLINTERNALERROR. I double checked that root is enabled in netinfo. Any ideas on how to rectify this?

  I believe you have to run Keychain Access as root to export the private key.
  sudo /Applications/Utilities/Keychain Access.app/Contents/MacOS/Keychain Access

• Reconver SSL private key?

  I have a bit of a dilemma since I tried to install an SSL certificate on my server that needs intermediate certs. Here's what I did:
  1) In Server Admin, create a new key for my domain and use that key to create a CSR to send to a certificate authority. (This creates a public key, a private key and a self-signed certificate in the system keychain on the server).
  2) Sent the CSR away and got the signed certificate back.
  3) Used Server Admin to add the signed certificate to the existing domain cert (this replaces the self-signed cert). Restart services etc.
  Here's the problem: the cert that I have needs intermediate certs installed in order to be functional- currently the certificate shows as an untrusted authority. If I delete the current certificate in Server Admin to start again from scratch, it will delete the private key that I need to reinstall. I downloaded the intermediate certificates from the CA's website, but now the certificate installed on the server can't be modified. Besides, there is no place to enter the intermediate certificates. My plan was to try to paste all the certs into the box where it asks for the new certificate, but no joy since it is now locked.
  I would like to create a new certificate (there is a place in there to install intermediate certs), but I'll need to get my private key out of Keychain Access into a pem formatted file but I can't seem to get the thing to export.
  Questions:
  1) Is there a way to export a private key from Keychain Access so that it can be used for server admin?
  2) Is there a way to get at this from the command line?
  3) Is there some other procedure that can magically fix this problem?
  Thanks,
  Miles

  Thanks,
  This is the part that I was looking for:
  Launch Keychain Access as root:
  sudo /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ Access &
  I then went here http://www.gridsite.org/wiki/Convert_p12 and converted the p12 to pem so I could use it in server admin.
  Thanks again,
  Miles

• Private key import via ImportPrivateKey

  I used the Certificate web app included with WLS 7.0 SP1 to generate my private
  key and my CSR. I then used the CSR to request a certificate from my Dept. of
  Defense Certificate Authority. I received my certificate. I then tried to use
  the WLS ImportPrivateKey utility to import my key with the following steps as
  shown in the ImportPrivateKey reference example.
  1) I used keytool -printcert to verify the contents of my servercert.pem file
  and my CAcert.pem file.
  2) I combined the certificate returned for my server with the CA's root certificate
  cat servercert.pem CAcert.pem > combined.pem
  3) I converted my private key file produced by the Certificate web app to pem
  format using the WLS der2pem utility
  4) I ran the Import utility
  java utils.ImportPrivateKey serverkey.jks store_pwd key_alias key_pwd combined.pem
  server_private_key.pem.
  I received the following error.
  ImportPrivateKey will create serverkey.jks
  ImportPrivateKey failed, java.security.KeyManagementException: ASN.1: Unxpected
  ASN.1 tag
  java.security.KeyManagementException: ASN.1: Unxpected ASN.1 tag
  at com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdentityPartial(Unknown
  Source)
  at com.certicom.net.ssl.CerticomContextWrapper.inputPrivateKey(Unknown
  Source)
  at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:76)
  at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:44)
  at utils.ImportPrivateKey.main(ImportPrivateKey.java:32)
  Does anyone have an idea where I went wrong? Can anyone offer an explanation?
  Thanks

  "Mallik" <[email protected]> wrote in message
  news:3f3274e9$[email protected]..
  >
  I am trying to install weblogic generated ssl certificate and because theprivate
  key needs to be encrypted with a password, i am loading this in a new JDKkeystore
  and trying to configure WL.
  I am running utils.CertGen from weblogic 7.0 sp3 on XP.
  X:\SSLTest>java utils.CertGen testpassword testcert testkey
  Creating Domestic Key Strength - 1024
  ..... Certificate CommonName will contain Hostname KUNDULA_M-DGS
  Encoding
  Try this on 8.1 and see if it works. There was a bug fix with respect to "_"
  in hostnames.

• Private key for encryption / decryption in PI

  Hi Experts,
  Where do we find the private key installed in PI system that is used for secur communication ?
  Thanks,
  Dhawal

  Hi Dhawal,
  Did you try to search on SDN before asking this ?
  There are many article available. Have a look at  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40a08db9-59b6-2c10-5e8f-a4b2a9aaa3d2?quicklink=index&overridelayout=true and http://help.sap.com/saphelp_NW04/helpdata/en/39/83682615cd4f8197d0612529f2165f/content.htm.
  Regards,
  Sunil Chandra

• Private key file from acs 3.3

  Hi All ,
             I have my SSL server certficate on my old acs 3.3.along with private key file , How i can export this private file with .pem extension from windows 2000 server , This private key file is not identified under certficate mmc console  , Because my acs application is being installed on a separate hardisk partion under D drive .
  file path : d:\Certificates\bh02cacsw02.pem
               how i can export this.pem from that particular folder , Thank you

  Hi,
  i see that you have mentioned the path d:\Certificates\bh02cacsw02.pem.
  The private key will have an extension of .pvk.
  are you aware of the location where private key is stored?? if yes, you can directly copy the private key and export.
  I am bit confused of you requirement.. do you want to export the cert with the private key??
  You can check the cert in the ACScertStore folder in MMC.
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Calibri","sans-serif";}
  MMC > Click on File > Add/Remove Snap-in > Add > Certificates > Add > Computer Account > Local Computer > Finish > Close > OK.
  Hope this helps.
  Regards,
  Anisha
  P.S.: Please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

• Private Key Not Found Error in Ldaps

  Hi,
  I am facing "Private Key Not Found" Error in ldaps. The key and the SSL certificate is stored under the same location. The certificate is self signed certificate and in .pem format. When I am trying to install the certifcate through SUN ONE Console it throws the following error
  "Either this certificate is for another server, or this certificate was not requested using this server".
  can any one help me in this regard.
  Regards
  Senthil
  Edited by: senlog80 on Dec 30, 2008 3:18 AM

  Or even better, check the note <a href="https://websmp110.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=924320&_NLANG=E">924320</a>.
  <b>Symptom</b>:
  When you execute a query with virtual characteristics or key figures, the system issues the following error message:
  Object FIELD I_S_DATA-<key figure> not found
  <b>Other terms</b>
  RSR00002, RSR_OLAP_BADI
  <b>Reason and Prerequisites</b>
  This problem is caused by a program error.
  <b>Solution</b>
  If the virtual characteristics or key figures are implemented using the enhancement RSR00002 (CMOD), implement the corrections.
  If the virtual characteristics or key figures were created directly as implementations of the RSR_OLAP_BADI BAdI, compare the source code of the INITIALIZE method with the corresponding source code example. During the call of GET_FIELD_POSITIION_D, <L_S_SK>-VALUE_RETURNNM must be transferred instead of <L_S_SFK>-KYFNM.
  Import Support Package 08 for SAP NetWeaver 2004s BI (BI Patch 08 or SAPKW70008) into your BI system. The Support Package is available when Note 0872280"SAPBINews BI 7.0 Support Package 08", which describes this Support Package in more detail, is released for customers.
  In urgent cases, you can use the correction instructions.
  To provide advance information, the note mentioned above may be available before the Support Package is released. In this case, the short text of the note still contains the words "Preliminary version".
  Assign pts if helpful.

• Private Key File problem

  I have Weblogic Server Version 6.0. I created Private Key File using Certificate
  Request Generator Servlet. It created the the private key file (.der) file &
  CSR using which I got the Trial Server Certificate from Verisign. I installed
  the certificate (.pem) and configured the server. When I restarted the server
  it gives the following EOFException while reading the Private Key File : (I gave
  the Private Key password while generating the private key file from the servlet)
  <Dec 21, 2001 7:43:08 PM GMT+05:30> <Alert> <WebLogicServer> <Security configura
  tion problem with certificate file config/mydomain/TTI-D066-key.der, java.io.EOF
  Exception>
  java.io.EOFException
  at weblogic.security.Utils.inputByte(Utils.java:133)
  at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
  at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
  at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
  at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:398)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  Thanks in advance for any solutions...
  Regards,
  Venkatesan

  Hi,
  please check if you provided the private key password which was used to
  create the file in the following property
  -Dweblogic.management.pkpassword
  on the command line correctly.
  In addition, please check "Use Encrypted Keys" to "true" in <server>->SSL
  tab from the admin console.
  Maria
  Developer Relations Engineer
  BEA Support
  Venkatesan schrieb in Nachricht <3c234536$[email protected]>...
  >
  I have Weblogic Server Version 6.0. I created Private Key File usingCertificate
  Request Generator Servlet. It created the the private key file (.der) file&
  CSR using which I got the Trial Server Certificate from Verisign. Iinstalled
  the certificate (.pem) and configured the server. When I restarted theserver
  it gives the following EOFException while reading the Private Key File : (Igave
  the Private Key password while generating the private key file from theservlet)
  >
  <Dec 21, 2001 7:43:08 PM GMT+05:30> <Alert> <WebLogicServer> <Securityconfigura
  tion problem with certificate file config/mydomain/TTI-D066-key.der,java.io.EOF
  Exception>
  java.io.EOFException
  at weblogic.security.Utils.inputByte(Utils.java:133)
  at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
  at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
  at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
  at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:398)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  Thanks in advance for any solutions...
  Regards,
  Venkatesan

• SSL CertGen & Private key import errors - 7.0

  I am trying to install weblogic generated ssl certificate and because the private
  key needs to be encrypted with a password, i am loading this in a new JDK keystore
  and trying to configure WL.
  I am running utils.CertGen from weblogic 7.0 sp3 on XP.
  X:\SSLTest>java utils.CertGen testpassword testcert testkey
  Creating Domestic Key Strength - 1024
  ..... Certificate CommonName will contain Hostname KUNDULA_M-DGS
  Encoding
  Created Private Key files - testkey.der and testkey.pem
  com.rsa.certj.cert.CertificateException: Cannot build Cert Request Info: Unable
  to encode X500Name.
  at com.rsa.certj.cert.PKCS10CertRequest.getCertRequestInfoDEREncoding(PKCS10CertRequest.java:824)
  at com.rsa.certj.cert.PKCS10CertRequest.signCertRequest(PKCS10CertRequest.java:1082)
  at utils.CertGen.createCertificateRequest(CertGen.java:312)
  at utils.CertGen.processCommand(CertGen.java:185)
  at utils.CertGen.main(CertGen.java:170)
  com.rsa.certj.cert.CertificateException: Cannot build Cert Request Info: Unable
  to encode X500Name.
  at com.rsa.certj.cert.PKCS10CertRequest.getCertRequestInfoDEREncoding(PKCS10CertRequest.java:824)
  at com.rsa.certj.cert.PKCS10CertRequest.signCertRequest(PKCS10CertRequest.java:1082)
  at utils.CertGen.createCertificateRequest(CertGen.java:312)
  at utils.CertGen.processCommand(CertGen.java:185)
  at utils.CertGen.main(CertGen.java:170)
  I went ahead and ran the same CertGen on unix and got the certificate file and
  the key file
  to my box to check to see if i can install it. I created a new keystore with keytool,
  loaded the private key with the alias and the password phrase, made this key store
  the default keystore, supplied the management password, changed the files to read
  the new cert file and key file.
  Attached is the log for the SSL debug.
  Do i need to import the private key stored in the JDK for weblogic ? I tried doing
  that by running.
  X:\>java utils.ImportPrivateKey X:\bea\user_projects\mydomain\mystore.jks mypass
  myalias pvtPasswd X:\bea\user_projects\mydomain\localcert.pem X:\bea\user_projects\mydomain\localkey.pem
  ImportPrivateKey will use existing X:\bea\user_projects\mydomain\mystore.jks
  ImportPrivateKey failed, java.security.KeyManagementException: ASN.1: Unxpected
  ASN.1 tag
  java.security.KeyManagementException: ASN.1: Unxpected ASN.1 tag
  at com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdentityPartial(Unknown
  Source)
  at com.certicom.net.ssl.CerticomContextWrapper.inputPrivateKey(Unknown
  Source)
  at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:76)
  at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:44)
  at utils.ImportPrivateKey.main(ImportPrivateKey.java:32)
  X:\>
  Attached log is SSL debug enabled and it cant see the private key.
  Any help is appreciated.
  thanks,
  mallik
  [ssldebuglog.txt]

  "Mallik" <[email protected]> wrote in message
  news:3f3274e9$[email protected]..
  >
  I am trying to install weblogic generated ssl certificate and because theprivate
  key needs to be encrypted with a password, i am loading this in a new JDKkeystore
  and trying to configure WL.
  I am running utils.CertGen from weblogic 7.0 sp3 on XP.
  X:\SSLTest>java utils.CertGen testpassword testcert testkey
  Creating Domestic Key Strength - 1024
  ..... Certificate CommonName will contain Hostname KUNDULA_M-DGS
  Encoding
  Try this on 8.1 and see if it works. There was a bug fix with respect to "_"
  in hostnames.

• Private Key, Hash , sa password

  I didn't do the installation for this ecommerce site, I am just coming in later to customize the site and I was told that the initial installation was complete.  When I try and browse to the site of check sync manager I am getting 2 errors that I have never seen before.  The first is when I run the sync manager I get Private Key is incorrect or Hash not set.  I have gone in and checked and the private key is correct if I look at the web.config?  I am also getting a login failed for user "sa" when I try and browse to the site.  I was told the sa password is correct and the password works fine in the server config section of the sync manager.  Has anyone ever encountered anything similar to this?  When I searched the forums I found nothing like this.  I have done a few installations using SAP E-Commerce but I am far from an expert.
  Thanks

  Well, if the sa password is working in SynchManager but not on the website, then you definitely have an authentication problem. This is quite simple to fix.
  You'll need to recreate your Web Tools configuration in the instances.xml file located in your eCommerce Program Files directory. If you edit it, you will be able to see one "instance" XML node for each instance that you have installed. The one you want to remove should have an InstanceName attribute value that matches the name that you see in the Installer. Once you decide that this needs to be removed, you can either delete the node or simply comment it out using XML/HTML comments - it certainly wouldn't hurt to make a backup of this file in any case.
  After you've done this, you'll want to rerun the Installer, but in Instance-Only mode - this can be done by executing "installer.exe -i". The installer will automatically start an Advanced Install, but once it gets to the final step where all the action takes place, there will be a message that states that all of the steps will be skipped. Clicking finish will not overwrite anything, but instead place a new configuration in your instances.xml file of the configuration you just set up. This will allow you to re-enter the SQL login name and password for the website.
  Let me know if I've muddied or cleared the waters for you.

• SChannel error- The SSL server credential's certificate does not have a private key information property attached to it.

  We have a public SSL certificate that allows for Active Directory sync with LDAPS on port 636 with our email smart host. This was working fine and suddenly stopped working and we are now getting SChannel errors Event ID 36869. There were no changes made
  to the Exchange server, the firewall or the DC which holds the certificate. I have run a new certreq from the DC and then re-keyed the public SSL certificate and re-installed 3 times but the error does not go away and AD Sync with the vendor
  fails. When I run LDP.exe the connection on port 636 fails with "cannot open connection" and the system event log throws the S Channel event 36869 "The SSL server credential's certificate does
  not have a private key information property attached to it"  There is no software firewall set on the DC. When I run Certutil -VerifyStore MY  it shows the current certificates as well as the revoked and expired certificates
  correctly. Certificate 0 is the public cert and is listed with Server and Client authentication, the FQDN of the server is correct and "Certificate is Valid" is listed. The private cert is Certificate 1 and has server and client authentication, the
  FQDN is correct, Private key is not exportable and it ends with Certificate is Valid. I do not see a point in re-keying the cert again until I figure out what the root of the problem is. I have read in some forums that the private cert should not be set to
  expire after the public cert but that does not make a lot of sense when in a situation like this the private cert is of course newer than the public. In fact it is too early to renew the public cert. I have been troubleshooting this for a few days and at this
  point I would have to drop my AD sync with the vendor to LDAP in order to add new users. I do not want to do that for obvious reasons and I do not want to have our spam filtering and email archive service running without Directory sync. Any help would be greatly
  appreciated.

  Hi,
  Have you tried this?
  How to assign a private key to a new certificate after you use the Certificates snap-in to delete the original certificate in Internet Information Services
  http://support.microsoft.com/kb/889651
  Best Regards,
  Amy