Reintroduce the Certificate

The CA certificate must be deleted from the local machine store and imported again so that it can be linked with the private key that is now stored in the HSM. PowerShell is used for this task.

  1. Get the certificate thumbprint

PowerShell

PS> Get-ChildItem -Path cert:\LocalMachine\My

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
BE82E0FEC4B7F9DA33FF5CC2A0CC4D987F04A11B  CN=DemoRootCa, DC=Uti2, DC=si

Then extract the unique container name of the key that belongs to the certificate:

PS> certutil -store my BE82E0FEC4B7F9DA33FF5CC2A0CC4D987F04A11B | findstr "Subject: sha1 Unique Provider"
Subject: CN=DemoRootCa, DC=Uti2, DC=si
Cert Hash(sha1): be82e0fec4b7f9da33ff5cc2a0cc4d987f04a11b
Unique container name: 2fc25277ec718baa2886124e04bc16e7_36ed1a95-76e3-4398-a4c7-c31d5fce304f
Provider = Microsoft Software Key Storage Provider

  2. Make sure that the key container file is present on the local disk (one of the two paths, depending on the installation)

PowerShell

PS> Get-Item C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\<container>
PS> Get-Item C:\ProgramData\Microsoft\Crypto\Keys\<container>

  3. Delete the certificate together with its software key

PowerShell

PS> Remove-Item -Path cert:\LocalMachine\My\<thumbprint> -DeleteKey

  4. Check that the key container file was deleted along with the certificate (one of the two paths, depending on the installation)

PowerShell

PS> Get-Item C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\<container>
PS> Get-Item C:\ProgramData\Microsoft\Crypto\Keys\<container>

  5. Import the certificate

PowerShell

PS> certutil -addstore -f "My" "<CaName>.cer"
Signature matches Public Key
Certificate "DemoRootCa" added to store.
CertUtil: -addstore command completed successfully.

  6. To create the link between the certificate and the private key, first find the certificate serial number

PowerShell

PS> certutil "<CaName>.cer" | findstr Serial
Serial Number: 3a9f8a8c61129593400f6738896afcc0

  7. Then use certutil to repair the link (note that the options are plain hyphens)

PowerShell

PS> certutil -f -repairstore -csp "Utimaco CryptoServer Key Storage Provider" my <serial>
CertUtil: -repairstore command completed successfully

If you are using smartcard authentication, the PIN pad device will prompt you to insert the smartcard and enter the PIN. Then press the OK button on the PIN pad.
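As an added example (not part of the original documentation and not Utimaco's own tooling), the following PowerShell script runs the seven steps above end to end and adds the check a practitioner wants at the end: that the re-linked certificate now reports the HSM key storage provider rather than the software provider. The certificate file path is an assumption; the subject and provider name are the ones used on this page.

```powershell
# Added example, not from the original page: automates the seven steps above
# and verifies that the certificate ends up bound to the key in the HSM.
$CerFile     = "C:\Temp\DemoRootCa.cer"                     # assumed path to the exported CA certificate
$Subject     = "CN=DemoRootCa, DC=Uti2, DC=si"               # subject shown on this page
$HsmProvider = "Utimaco CryptoServer Key Storage Provider"   # KSP name shown on this page

function Get-CertutilField([string[]]$Output, [string]$Pattern) {
    # Return the first capture group of the first certutil output line matching $Pattern, or $null
    $m = $Output | Select-String -Pattern $Pattern | Select-Object -First 1
    if ($m) { return $m.Matches[0].Groups[1].Value.Trim() }
    return $null
}

# 1. Thumbprint of the certificate currently in LocalMachine\My
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $Subject }
if (-not $cert) { throw "Certificate '$Subject' not found in LocalMachine\My" }
$thumb = $cert.Thumbprint

# 2. Unique container name from certutil, then locate the software key file (two possible paths)
$container = Get-CertutilField (certutil -store my $thumb) 'Unique container name:\s*(\S+)'
if (-not $container) { throw "certutil reported no key container for $thumb" }
$keyFiles = @("C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\$container",
              "C:\ProgramData\Microsoft\Crypto\Keys\$container")
$present = $keyFiles | Where-Object { Test-Path $_ }
Write-Host "Software key container on disk: $present"

# 3. Delete the certificate together with its software private key
Remove-Item -Path "Cert:\LocalMachine\My\$thumb" -DeleteKey

# 4. Confirm the software key file is really gone before re-importing
if ($keyFiles | Where-Object { Test-Path $_ }) { throw "Software key container still present, aborting" }

# 5. Re-import the certificate (it has no private key attached at this point)
certutil -addstore -f "My" $CerFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil -addstore failed" }

# 6. Serial number of the certificate file
$serial = Get-CertutilField (certutil $CerFile) 'Serial Number:\s*(\S+)'
if (-not $serial) { throw "Could not read the serial number from $CerFile" }

# 7. Re-link the certificate with the key held in the HSM, then verify which provider owns the key
certutil -f -repairstore -csp $HsmProvider my $serial | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil -repairstore failed" }
$provider = Get-CertutilField (certutil -store my $thumb) 'Provider = (.+)$'
if ($provider -ne $HsmProvider) { throw "Key is bound to '$provider', expected '$HsmProvider'" }
Write-Host "Certificate $thumb is now linked to the key in: $provider"
```

Run it from an elevated PowerShell session, since both the machine certificate store and the key container directories require administrative rights.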