Sign in with
Sign up | Sign in
Your question

ways to export a private key marked not exportable?

Last response: in Windows 2000/NT
Share
February 3, 2005 1:30:02 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hello windows certificate experts (at least I hope I am in the right
group). I have a certificate installed on a computer that needs to be
moved to another user profile. The private key for that certificate is
marked as non-exportable. Getting a new certificate would be very
difficult/not feasible. Anyone know of a tool that would allow a
certificate be moved from one user profile to another?

I hope there is some way this is possible, but I'm pretty certain I
know the answer to this question already (that no one knows a method to
bypass this check), but I thought I would get this due diligence out of
the way before getting started on an undesireable workaround.

Thank you in advance for any responses.
Anonymous
a b 8 Security
February 3, 2005 6:06:48 PM

Archived from groups: microsoft.public.win2000.security (More info?)

"User" certificates are usually exportable unless the user imported it into
the computer from a .pfx file at chose not to let the keys be exportable
which may be done for security purposes. Make sure you are looking in the
user store via the mmc certificates snapin for user. Another possibility is
that the private key is not available as could be the case if the user had
previously exported/deleted the private key. The main property page of the
certificate will show if the private key is there when viewed from the
user's store. Either way you are pretty much out of luck unless this is a
problem with EFS encrypted files and then a Recovery Agent may be available
or you are using a Windows 2003 CA and have issued certificates from a
template that is archiving private keys for the certificates. If you have a
Certificate Authority available on your network it is easy enough to request
a new certificate via mmc snapin for certificates [for enterprise CA only]
or via Web Enrollment. --- Steve


<joshuac@spintechs.com> wrote in message
news:1107455402.108282.110510@c13g2000cwb.googlegroups.com...
> Hello windows certificate experts (at least I hope I am in the right
> group). I have a certificate installed on a computer that needs to be
> moved to another user profile. The private key for that certificate is
> marked as non-exportable. Getting a new certificate would be very
> difficult/not feasible. Anyone know of a tool that would allow a
> certificate be moved from one user profile to another?
>
> I hope there is some way this is possible, but I'm pretty certain I
> know the answer to this question already (that no one knows a method to
> bypass this check), but I thought I would get this due diligence out of
> the way before getting started on an undesireable workaround.
>
> Thank you in advance for any responses.
>
!