Error: "Password cannot be changed for an already installed private key."

Applies To:

All versions of Venafi Trust Protection Platform (TPP)

Problem Description:

When attempting to push the same certificate to multiple VIPs on a load balancer (e.g. NetScaler), you may get the following error:

"Failed to install private key: Install key stopped. Password cannot be changed for an already installed private key."


Venafi improves management of certificates in several ways, one of which is allowing you to attach a certificate to multiple applications, both across several devices and even on the same device. When that certificate is pushed to each application, the certificate information is consistent, but the application and device information can be unique.

In this case, each application is configured to push the private key, but one of them used a different credential object than the other; more specifically, one application on the device used no credential object and the other did. The key, which resides in a single folder on the device, was pushed during the first installation. The second installation then tried to modify the key and received the error.


Ensure that all applications on a single device are configured the same way. For instance, removing the credential object on both applications resolved the issue, and adding the credential object for the private key on both also resolved the issue.
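
A consistency check for the condition described above, as an added example that is not part of the original article or Venafi's own code: it groups applications by device and certificate and reports any group whose private key credential settings differ. The record fields and the sample inventory are constructed assumptions, not a TPP export format.

```python
from collections import defaultdict

# Constructed sample inventory. Field names are hypothetical; populate them
# from however you export application settings in your environment.
# key_credential is None (or "") when no credential object is set.
APPLICATIONS = [
    {"app": "vip-web", "device": "ns01", "certificate": "www.example.com", "key_credential": None},
    {"app": "vip-api", "device": "ns01", "certificate": "www.example.com", "key_credential": "cred-keypass"},
    # Same certificate on another device: consistent there, so not a conflict.
    {"app": "vip-web", "device": "ns02", "certificate": "www.example.com", "key_credential": "cred-keypass"},
    {"app": "vip-api", "device": "ns02", "certificate": "www.example.com", "key_credential": "cred-keypass"},
    {"app": "vip-int", "device": "ns01", "certificate": "api.example.com", "key_credential": ""},
]


def find_credential_conflicts(applications):
    """Return {(device, certificate): {credential: [apps]}} for mixed groups.

    The private key lives in one place per device, so every application that
    pushes the same certificate to the same device must agree on whether a
    private key credential is used, and on which one.
    """
    groups = defaultdict(lambda: defaultdict(list))
    for rec in applications:
        # Treat an empty string the same as "no credential object".
        cred = rec.get("key_credential") or None
        groups[(rec["device"], rec["certificate"])][cred].append(rec["app"])
    # Only groups with more than one distinct setting are conflicts.
    return {key: dict(by_cred) for key, by_cred in groups.items() if len(by_cred) > 1}


if __name__ == "__main__":
    for (device, cert), by_cred in find_credential_conflicts(APPLICATIONS).items():
        print(f"{device}: certificate {cert} has mixed private key credentials")
        for cred, apps in by_cred.items():
            label = cred if cred is not None else "<no credential object>"
            print(f"  {label}: {', '.join(apps)}")
```
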
