Wednesday, January 30, 2013 4:46 AM
We have just built a Windows 2008R2 Enterprise PKI.
The PKI is up and running fine, however when I am trying to sign a certificate with the Root CA with the "Export Private Key" option enabled, once the certificate has been issued, the keys are not exportable.
Below is the certificate inf file that was used to create the request. Note that "Exportable=TRUE"
ProviderName="Microsoft Strong Cryptographic Provider"
Wednesday, January 30, 2013 7:52 AM
this is because CA do not store private keys. This means that you need to export public certificate from CA server and install it on a client computer (where you generated the request) by using the following command:
certutil -accept certfilename.cer
Thursday, January 31, 2013 10:46 PMThanks Vadims :D