Install-SitecoreConfiguration : Cannot validate argument on parameter ‘Signer’. The “$_.HasPrivateKey -eq $true”

I  was assuming installing Sitecore 9 using Sitecore Installation Framework (v2.0) will be a cakewalk being I’m so late to the party. However,  my assumption went horribly wrong when I hit a roadblock on the very first step.

I have configured my local environment for Sitecore 9 initial release with all the necessary requirements as below

1. Microsoft Powershell 5.0+
2. Web Platform Installer 5.0
3. Solr with SSL ( There is a quick way to get SSL without Keytool)

After meeting required pre-requisites, I have executed below commands in PowerShell in admin mode

Import-Module C:\custompath\SitecoreFundamentals
Import-Module C:\custompath\SitecoreInstallFramework

After importing the above modules, I have made the changes in the install.ps1 file to configure the installation settings and execute below command.

C:\resourcefiles\install.ps1

It threw below exception.

[—————————————- CreateSignedCert : NewSignedCertificate ————————————] VERBOSE: Resolving ConfigFunction extension ‘GetCertificate’ VERBOSE: Resolved ‘Invoke-GetCertificateConfigFunction’ VERBOSE: Invoke-GetCertificateConfigFunction VERBOSE: Id: DO_NOT_TRUST_SitecoreRootCert VERBOSE: CertStorePath: cert:\LocalMachine\Root VERBOSE: Found Cert(s) with thumbprint: XXXXXXXXXXXXXXXXXXXXXX Install-SitecoreConfiguration : Cannot validate argument on parameter ‘Signer’. The “$_.HasPrivateKey -eq $true” validation script for the argument with value “[Subject] CN=DO_NOT_TRUST_SitecoreRootCert, O=DO_NOT_TRUST, OU=Created by https://www.sitecore.com [Issuer]
CN=DO_NOT_TRUST_SitecoreRootCert, O=DO_NOT_TRUST, OU=Created byhttps://www.sitecore.com [Serial Number]
575C8CA6DFB4129D49F47FA7681558D4 [Not Before] 11/28/2018 5:32:24 AM [Not After] 11/26/2028 5:32:24 AM [Thumbprint]
XXXXXXXXXXXXXXXXXXXXXXX ” did not return a result of True. Determine why the validation script failed, and then try the command again. At C:\resourcefiles\Install.ps1:18 char:1 + Install-SitecoreConfiguration @certParams -Verbose + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Install-SitecoreConfiguration
[TIME] 00:00:02 Invoke-NewSignedCertificateTask : Cannot validate argument on parameter ‘Signer’. The “$_.HasPrivateKey -eq $true” validation script for the argument with value “[Subject]
CN=DO_NOT_TRUST_SitecoreRootCert, O=DO_NOT_TRUST, OU=Created byhttps://www.sitecore.com [Issuer] CN=DO_NOT_TRUST_SitecoreRootCert, O=DO_NOT_TRUST, OU=Created by https://www.sitecore.com [Serial Number] Bla Bla Bla[Not Before] 11/28/2018 5:32:24 AM [Not After] 11/26/2028 5:32:24 AM [Thumbprint]
XXXXXXXXXXXXXXXXXXXXX” did not return a result of True. Determine why the validation script failed, and then try the command again. At C:\Program Files\WindowsPowerShell\Modules\SitecoreInstallFramework\2.0.0\Public\Install-SitecoreConfiguration.ps1:641 char:47 + & $entry.Task.Command @paramSet | Out-Default

After going through various forums and blogs, going through PowerShell scripts nothing could much help me. I have tried deleting all existing certificates, however no luck.

After scratching head for almost 3 hours, it seems that there is some issue with the certificate store location when creating the self-signed certificate.

I have closed all active PowerShell sessions, deleted all DO_NOT_TRUST* certificates from all certificate store and C:\certificates\. I have opened “xconnect-createcert.json” and changed the below line of code.

From 
"StoreLocation": "CurrentUser", 
To
"StoreLocation": "LocalMachine",

Woooooohooooooo! It installed self-signed certificates.

Happy Learning!