Cannot export Private keys
Wednesday, January 30, 2013 4:46 AM
Hi there.
We have just built a Windows 2008R2 Enterprise PKI.
The PKI is up and running fine, however when I am trying to sign a certificate with the Root CA with the "Export Private Key" option enabled, once the certificate has been issued, the keys are not exportable.
Below is the certificate inf file that was used to create the request. Note that "Exportable=TRUE".

[Version]
Signature="$Windows NT$"

[NewRequest]
Subject="CN=STG414262.clientdev.intradev.stg.com.au"
KeySpec=1
KeyLength=2048
Exportable=TRUE
MachineKeySet=TRUE
PrivateKeyArchive=FALSE
UserProtected=FALSE
UseExistingKeySet=FALSE
ProviderType=1
RequestType=PKCS10
ProviderName="Microsoft Strong Cryptographic Provider"
KeyUsage=0xF0
Silent=FALSE
SMIME=TRUE

[EnhancedKeyUsageExtension]
OID="1.3.6.1.5.5.7.3.1"
OID="1.3.6.1.5.5.7.3.2"

[RequestAttributes]
CertificateTemplate="Machine"
SAN="dns=stg414262.clientdev.intradev.stg.com.au"

Thanks.
Gerald Sullivan.
All Replies
Wednesday, January 30, 2013 7:52 AM
This is because CAs do not store private keys. This means that you need to export the public certificate from the CA server and install it on the client computer (where you generated the request) by using the following command:
certreq -accept certfilename.cer
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Check out new: PowerShell FCIV tool.
- Proposed As Answer by K_evin Zhu, Microsoft Contingent Staff, Moderator, Thursday, January 31, 2013 6:22 AM
- Marked As Answer by Gerald Sullivan Thursday, January 31, 2013 10:46 PM
Thursday, January 31, 2013 10:46 PM
Thanks Vadims :D
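
The sequence the accepted answer describes, written out as an added example that is not part of the original thread: the key pair is created on the requesting computer, only the PKCS#10 request goes to the CA, and the issued certificate is accepted back on that same computer before any export. The file names, the `CA-HOST\CA-NAME` config string and the PFX path are placeholders assumed for illustration.

```powershell
# Added example. Run in an elevated prompt on the computer that creates the
# request: MachineKeySet=TRUE in the INF puts the key pair in its machine store.
$inf = 'request.inf'        # the INF from the question (assumed file name)
$req = 'request.req'        # PKCS#10 output (assumed file name)
$cer = 'certfilename.cer'   # issued certificate returned by the CA
$ca  = 'CA-HOST\CA-NAME'    # placeholder CA config string

# 1. Generate the key pair locally and write the request.
#    Only the public key and subject data are in $req; the private key stays here.
certreq -new $inf $req
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed" }

# 2. Send the request to the CA and save the issued certificate.
certreq -submit -config $ca $req $cer
if ($LASTEXITCODE -ne 0) { throw "certreq -submit failed or request is pending" }

# 3. Install the certificate on THIS computer so it is linked to the
#    private key created in step 1.
certreq -accept $cer
if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed" }

# 4. Confirm the installed certificate is bound to a private key.
$subject = 'CN=STG414262.clientdev.intradev.stg.com.au'
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1

if (-not $cert) { throw "Certificate for $subject not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey) {
    # Typical cause: the .cer was installed on a computer (such as the CA)
    # that never held the private key for this request.
    throw "Certificate has no associated private key on this computer"
}

# 5. Export certificate plus private key (allowed because Exportable=TRUE).
$serial = $cert.SerialNumber
$pfxPassword = Read-Host 'Password to protect the PFX'
certutil -p $pfxPassword -exportPFX My $serial 'STG414262.pfx'
if ($LASTEXITCODE -ne 0) { throw "PFX export failed" }
```

The resulting PFX contains the private key, so restrict access to the file and delete it once it has been imported where it is needed.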

