Exporting Certificates with Private Key from Microsoft Management Console (MMC)

  • Question

  • I am trying to set up S/MIME for use with O365 but cannot export the Private Key with my cert, but I have hit a snag trying to export my Certificate and Private Key.

    Long story short, you have to export the Cert/Private Key from the computer where the Cert was requested/issued. To do this, a support.microsoft page says you need to export the cert/private key using MMC.

    Problem is, the option to export the Private Key is greyed out.

    So, I did some digging and every site I found said all I need to do is take ownership of the following folder and I will be able to export the Key:

    C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys

    So, I did that. But, I still do not have the option to export the private key.

    My question is, why is the option greyed out, and why can I not export the PrivateKey along with the cert from the MMC?

    I'd appreciate any help y'all can offer. (I tried posting links and images for reference but TechNet says my account is not "verified" even though I have posted here a bunch of times.)

    EDIT: I am using Windows 10, not Windows 7. I am on the computer where the cert was requested/issued and O365 was configured.

    Thursday, May 9, 2019 2:12 PM

All replies

  • Hi,

    Thank you for posting in Microsoft TechNet forum.

    First, please try to run the command sfc /scannow and DISM as an administrator to check if the files are corrupted.

    Meanwhile, please refer to the following link which may help:


    Best regards,


    Please remember to mark the reply as an answer if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Edited by hurry yang Monday, May 13, 2019 12:26 PM
    Friday, May 10, 2019 3:24 AM
  • Oh... My... God... did you seriously just tell me to run an sfc /scannow?

    How is that Microsoft's answer for everything in the world!???

    Friday, May 10, 2019 2:56 PM
  • sfc /scannow did nothing... shocker.

    And the superuser page you sent is not related to the same issue I am having. The user in the superuser page encrypted his cert and now he doesn't know how to de-encrypt it. I have done no such thing.

    The super user page leads me to a suggestion that I need to take ownership of the RSA/MachineKeys folder in order to export the cert with the private key. As I had stated in my original post, I have already done this. That is why I opened a case here at TechNet. I was hoping you know something I don't. Apparently that is not the case. I sure hope you do not make more money than I do...
    Friday, May 10, 2019 3:03 PM
  • Hi,

    Thank you for your feedback.

    As mentioned in this article: This option will appear only if the private key is marked as exportable and you have access to the private key.

    This is determined by the certificate publisher. It is marked as not exportable so users cannot export this certificate.

    Best regards,



    • Proposed as answer by hurry yang Wednesday, June 5, 2019 8:53 AM
    Monday, May 13, 2019 12:54 PM
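
The reply above says the export option appears only when the private key is marked as exportable and is accessible to the user. The following is an added example, not part of the thread or any poster's code, that reads that flag for RSA keys in a certificate store and handles both legacy CSP and CNG key storage. The function name `Get-KeyExportability` and the default store path `Cert:\CurrentUser\My` are assumptions.

```powershell
# Added example: report whether each certificate's private key is marked exportable.
# Get-KeyExportability is a hypothetical helper; the default store path is an assumption.
function Get-KeyExportability {
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_
        $provider = 'n/a'; $exportable = $null; $note = ''

        if (-not $cert.HasPrivateKey) {
            $note = 'No private key is associated with this certificate'
        } else {
            try {
                $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
                if ($null -eq $rsa) {
                    $note = 'Not an RSA key; not inspected by this example'
                } elseif ($rsa -is [System.Security.Cryptography.RSACng]) {
                    # CNG key: exportability is a set of flags on the key itself
                    $provider = 'CNG'
                    $policy = $rsa.Key.ExportPolicy
                    $exportable = $policy.HasFlag([System.Security.Cryptography.CngExportPolicies]::AllowExport) -or
                                  $policy.HasFlag([System.Security.Cryptography.CngExportPolicies]::AllowPlaintextExport)
                    $note = "ExportPolicy: $policy"
                } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                    # Legacy CSP key: a single boolean on the key container
                    $provider = 'CSP'
                    $exportable = $rsa.CspKeyContainerInfo.Exportable
                }
            } catch {
                # Thrown when the key exists but this account cannot open it
                $note = "Key not accessible: $($_.Exception.Message)"
            }
        }

        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            Provider   = $provider
            Exportable = $exportable
            Note       = $note
        }
    }
}

Get-KeyExportability | Format-Table -AutoSize
```

An `Exportable` value of `False` corresponds to the greyed-out option described in the reply; a `Key not accessible` note points to a permissions problem instead.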
  • Please don't waste everyone's time by responding if you don't have anything helpful to add. Your responses here are worse than useless: not only do they provide no assistance, they actually hinder people searching for information on this topic by filling search results with ignorant nonsense.
    Thursday, June 11, 2020 3:19 PM