Create an association between the signed AD RMS certificate and the key pair in the Windows Certificate Store
This section explains how to associate the signed AD RMS certificate with its corresponding private key stored in your Windows account profile. Before making this association, you must import the CA certificate that issued the AD RMS certificate into the Trusted Root Certification Authorities Windows Certificate Store.
Import the CA Certificate that issued the AD RMS Certificate into the Trusted Root Certification Authorities Store
On the computer where you plan to install Microsoft AD RMS, open the Manage computer certificates program.
Right-click the Trusted Root Certification Authorities store and select All Tasks > Import.
Follow the steps in the Certificate Import Wizard to import the Root CA certificate file you exported from the KMES and moved to this computer in the previous section.
A confirmation message displays if the import succeeds.
Associate the signed AD RMS certificate with its corresponding private key stored in your Windows account profile
Open either the command prompt or PowerShell.
Go to the directory where you saved the signed AD RMS certificate file.
Run the following command to create an association between the signed AD RMS certificate and its corresponding key pair stored in your Windows account profile:
If the command succeeds, information about the installed certificate displays.