Reconnecting to the private key fails with error message "Cannot find object or property. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)"

Assume the following scenario:

Cannot find the certificate and private key for decryption.
CertUtil: -repairstore command FAILED: 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)
CertUtil: Cannot find object or property.
certutil ^
-csp "Utimaco CryptoServer Key Storage Provider" ^
-repairstore my 4E82984CF51ACB39D1FE1C86BB11F54BE67B85D2

Cause

The error originates in the environment of the hardware security module or its Key Storage Provider: there is no connection to the private key.

If the private keys are not stored on the HSM itself (e.g. Thales/nCipher and Utimaco hardware security modules), make sure that the key is also available on the new system.

For Utimaco hardware security modules, for example, the key files must be stored in the following folder (unless the default setting has been changed):

%ProgramData%\Utimaco\CNG\keys

Most HSM manufacturers also provide a tool for checking access to the private keys, for example Utimaco's cngtool.
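
The checks described above can be run in sequence before retrying the repair. The following PowerShell script is an added example, not part of the original article or of any vendor tooling. It assumes the default Utimaco key folder, the provider name and the thumbprint shown in this article, and that the certificate is in the local machine "my" store.

```powershell
# Added example: pre-flight checks before re-running certutil -repairstore.
# Assumptions: default key folder, provider name and thumbprint as shown in the article.
$Thumbprint = '4E82984CF51ACB39D1FE1C86BB11F54BE67B85D2'   # replace with your own
$Provider   = 'Utimaco CryptoServer Key Storage Provider'
$KeyFolder  = Join-Path $env:ProgramData 'Utimaco\CNG\keys'

# 1. The key files must be present on this system.
if (-not (Test-Path -LiteralPath $KeyFolder -PathType Container)) {
    Write-Warning "Key folder not found: $KeyFolder"
    return
}
$keyFiles = @(Get-ChildItem -LiteralPath $KeyFolder -File)
if ($keyFiles.Count -eq 0) {
    Write-Warning "No key files in $KeyFolder. Make the key files available here first."
    return
}
$keyFiles | Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize

# 2. The Key Storage Provider must be registered on this system.
if (-not (certutil.exe -csplist | Select-String -SimpleMatch $Provider)) {
    Write-Warning "Provider '$Provider' is not listed by 'certutil -csplist'."
    return
}

# 3. The certificate must be in the local machine "my" store.
$cert = Get-Item -LiteralPath "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction SilentlyContinue
if (-not $cert) {
    Write-Warning "Certificate $Thumbprint is not in the LocalMachine\My store."
    return
}
if ($cert.HasPrivateKey) {
    Write-Host "Certificate is already associated with a private key."
}

# 4. Retry the repair and report the exit code in the form certutil prints it.
& certutil.exe -csp $Provider -repairstore my $Thumbprint
if ($LASTEXITCODE -ne 0) {
    Write-Warning ('certutil -repairstore failed: 0x{0:X8}' -f $LASTEXITCODE)
} else {
    Write-Host 'Repair succeeded; private key association restored.'
}
```

Run it from an elevated PowerShell session on the new system. If steps 1 to 3 pass and step 4 still returns 0x80092004, check access to the keys with the HSM manufacturer's own tool.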
