Certificate Private Key Issue
My certificate on the OCS Communicator Web Access (CWA) server has expired. When I generated a new one from the Enterprise CA and imported it into the Local Computer store of the server, I get the following error when I try to select the new certificate from the CWA console:

"The certificate's private key could not be verified. One possible cause is that this certificate was copied from a user to the computer account. The certificate must be installed directly into the computer account."

Any help on how to resolve the private key issue, or a procedure to renew the certificate on my CWA, would be of great help.

Regards, K Phani Kumar, IT Analyst, Windows & Messaging, Tata Consultancy Services
June 29th, 2010 1:10pm

Hi, I am not familiar with OCS. According to the error message, it looks like the certificate is imported into the user store instead of the computer store as expected. The following article could be helpful:

Installing a Web Server Certificate for Communicator Web Access
http://technet.microsoft.com/en-us/library/dd441293(office.13).aspx

This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
July 1st, 2010 9:51am

The certificate private key either does not exist on the server, or the link between the private key and the associated certificate has been broken. This link is never created if you use the Certificate Import Wizard to import the issued certificate into the Local Machine Personal store.

When you create a certificate request on Windows (using LCSCMD.EXE, for example), the public/private key pair is also created. The private key is stored in a Key Container on the computer and is linked to a dummy-certificate object in the Certificate Enrollment Requests store. Once the CA processes the request and issues the certificate, the new certificate must be installed on the computer. The installation process is what creates the link between the private key and the certificate in the store.

When the issued certificate is installed, it is placed in the Personal store. The private key information is read off of the dummy-certificate object still in the Certificate Enrollment Requests store and copied into the certificate metadata for the real certificate. Now that the certificate is linked to the private key, the dummy-certificate object is deleted from the Certificate Enrollment Requests store.

In order to install a newly issued certificate, you can do one of two things:

1. Right-click on the certificate file in the file system and select Install from the context menu.
2. From the command line, run certreq -accept <FileName.cer>.

Both of these options require that you install the certificate on the same computer on which you generated the request. If you need to move the certificate and private key to a new computer, you will have to export them using the Certificate Export Wizard to a PFX file. In order for this to work, the private key must be set as exportable -- a flag that is set when the private key is generated. Nearly every method of generating a certificate request will allow you to specify that the private key is exportable.

Hope this helps, Jonathan Stephens
July 2nd, 2010 8:11pm
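
The request, install and verification sequence described in the reply above, as an added example that is not part of the original thread. It uses certreq to generate the request instead of LCSCMD.EXE; the host name, the CA configuration string and the WebServer template name are placeholders, and the script is run from an elevated prompt on the CWA server itself.

```powershell
# Added example. $fqdn, $caConfig and the template name are placeholders.
$fqdn     = 'cwa.example.com'              # placeholder: FQDN of the CWA server
$caConfig = 'ca01.example.com\Example-CA'  # placeholder: CAHost\CAName
$work     = Join-Path $env:TEMP 'cwa-cert'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# 1. Request policy. MachineKeySet puts the key container in the computer
#    context; Exportable must be set now, it cannot be added after key generation.
@"
[NewRequest]
Subject = "CN=$fqdn"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
Exportable = TRUE
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = WebServer
"@ | Set-Content -Path "$work\policy.inf" -Encoding ASCII

# 2. Generate the key pair and the request on THIS computer.
certreq -new "$work\policy.inf" "$work\cwa.req"
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }

# The dummy-certificate object that holds the link to the private key
# now sits in the Certificate Enrollment Requests store.
Get-ChildItem Cert:\LocalMachine\REQUEST | Format-Table Subject, Thumbprint

# 3. Send the request to the Enterprise CA and save the issued certificate.
certreq -submit -config $caConfig "$work\cwa.req" "$work\cwa.cer"
if ($LASTEXITCODE -ne 0) { throw 'certreq -submit failed' }

# 4. Install with certreq -accept (not the Certificate Import Wizard) so the
#    certificate in the Personal store is linked to the private key.
certreq -accept "$work\cwa.cer"
if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed' }

# 5. Verify the link before selecting the certificate in the CWA console.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$fqdn*" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate for $fqdn in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no linked private key" }
'{0} is linked to a private key; expires {1:u}' -f $cert.Thumbprint, $cert.NotAfter
```

If step 5 fails on a certificate that was brought in with the Certificate Import Wizard, that matches the broken-link case the reply describes.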

This topic is archived. No further replies will be accepted.
