DeployCommerceEngine CreateWebsite- Error Generating Self Signed Certificate: Cannot find object or property (CRYPT_E_NOT_FOUND)

In the DeployCommerceEngine task of the Sitecore Experience Commerce 9.0.2 install script, there is a step to create the website [1]. I hit the following error at this point:

CertEnroll::CSignerCertificate::Initialize: Cannot find object or property. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)

The certificate is created by the script using the New-SelfSignedCertificate PowerShell cmdlet. The error above is basically saying that it couldn't find the root certificate authority to sign the certificate with. You can ignore this and create your own self-signed certificates manually using MakeCert.exe.

First, generate a root certificate using the following script (cmd) [2]. Once created, import it into the Trusted Root CA Certificate Store:

makecert.exe ^
-n "CN= Sitecore Root CA" ^
-r ^
-pe ^
-a sha512 ^
-len 4096 ^
-cy authority ^
-sv SitecoreRootCA.pvk ^

pvk2pfx.exe ^
-pvk SitecoreRootCA.pvk ^
-spc SitecoreRootCA.cer ^
-pfx RootCA.pfx ^
-po PasswordHere

Second, create your server certificate for the engine site by signing it with the above created root CA using the following script (cmd) [2:1]. Once done, import it into the Personal certificate store and IIS server certificates:

makecert.exe ^
-n "CN=localhost" ^
-iv SitecoreRootCA.pvk ^
-ic SitecoreRootCA.cer ^
-pe ^
-a sha512 ^
-len 4096 ^
-b 01/01/2018 ^
-e 01/01/2021 ^
-sky exchange ^
-eku ^
-sv %1.pvk ^

pvk2pfx.exe ^
-pvk %1.pvk ^
-spc %1.cer ^
-pfx %1.pfx ^
-po PasswordHere

  1. This was at SIF.Sitecore.Commerce.1.2.14\Modules\ManageCommerceService\ManageCommerceService.psm1 ('Create-Website' action) ↩︎

  2. Scripts sourced and modified from: ↩︎ ↩︎