none
Certificate Private Key not exportable even though "Allow private key to be exported" box is ticked in template RRS feed

  • Question

  • Hi All,

    as the headline says. The certificate is based on a template that allows export of the private key.

    However, if I try to export the key, the option to get the .pfx is grayed out.

    My steps:

    1) Go to cert store, rightclick certificate -> All tasks -> Export

    2) Welcome page shows -> Next

    3) The wizard jumps directly to the "Export File Format" window, but the .pfx option is grayed out.

    The page in between, where I should be able to click "Yes, export the private key" doesn't show up at all.

    Does anyone have an idea why this could be happening? Could there be some policy preventing the export or something? Can't upload pictures yet, but will add them as soon as possible.

    Looking forward to your answers and thanks in advance!

    Cheers

    D


    • Edited by rec tec Thursday, March 12, 2020 11:07 AM
    Thursday, March 12, 2020 11:06 AM

Answers

  • yeah, for some reason I "don't a private key" for that certificate. Same is true for the identical certificate in the personal certificat folder. 

    Problem is described in more detail in this thread: https://social.msdn.microsoft.com/Forums/ie/en-US/7c8a4dc1-1615-439c-bf0f-3c60e6d5d7ea/pki-2012r2-mail-encryptionsignature-template-mystery?forum=winserversecurity

    This question can be closed.

    • Marked as answer by rec tec Monday, March 16, 2020 12:34 PM
    Monday, March 16, 2020 12:34 PM

All replies

  • Hi All,

    I can upload now, so here are the pictures.

    This is the template:

    This is my cert store. Sorry for the GUI being in German. Company policy...


    And this is the window I get when I want to export the .pfx:

    So, for some reason I can't export the key and I dont get why. Any ideas from the experts?

    Cheers

    D

    • Edited by rec tec Friday, March 13, 2020 8:28 AM
    Friday, March 13, 2020 8:26 AM
  • yeah, for some reason I "don't a private key" for that certificate. Same is true for the identical certificate in the personal certificat folder. 

    Problem is described in more detail in this thread: https://social.msdn.microsoft.com/Forums/ie/en-US/7c8a4dc1-1615-439c-bf0f-3c60e6d5d7ea/pki-2012r2-mail-encryptionsignature-template-mystery?forum=winserversecurity

    This question can be closed.

    • Marked as answer by rec tec Monday, March 16, 2020 12:34 PM
    Monday, March 16, 2020 12:34 PM