Recently i have seen the issue of your public cert missing its key on import. The situation is when you create the required .req for your public certificate on edge you send the details off to the certificate authority of choice. Once they create and return the .crt file and the necessary trusted root and intermediate certs you import them into the Lync edge server only to find that the ‘sip.<domainname>.com’ cert is missing its private key.?
Why would this be the case when you originally generated the request on the Lync edge server? At this moment the only reason i can see is if another certificate with the same name has previously been imported onto the server. Apart from them i cannot find any other logical reason for why sometimes the newly imported certificate misses the private key.
if you are in this position, the simple fix to the cert is as follows
– On the imported certificate without the private key, double click the cert to show the information associated with it. Click on the details tab and look for the field called ‘Serial’. Copy the serial key into notepad and remove the spaces below the unique code. ie
WAS 5a 12 6e 7e ee 11 AMENDED 5a126e7e11
now still on the edge server open command prompt and type the following
certutil –repairstore my <Amended unique serial number>
eg: certutil –repairstore my 5a12637e11
press enter to commit it.
you will then be presented to information and also confirmation that the update has been successful.
now if you go into the certificate store and refresh you will see the certificate will now have the private key within it.
At this point you can go back to your Lync deployment wizard and assign the public cert to your edge server.