Author Topic: Can't export private key  (Read 63932 times)

Offline tmarlow

  • Newbie
  • *
  • Posts: 1
Can't export private key
« on: February 15, 2008, 05:04:06 PM »
When trying to export my certificate through IE, I follow the instructions, but when the Wizard comes up the option to Export the Private key is greyed out and it says below.

Note: The associated private key is marked as not exportable.  Only the certificate can be exported.

Is there anyway around this, I know that it is not a full backup if the private key isn't included.

Offline kulaworld

  • Newbie
  • *
  • Posts: 5
Re: Can't export private key
« Reply #1 on: March 08, 2008, 09:06:49 PM »
Hi, tmarlow,
sorry, but I don't have the answer.

I have however the same problem as you describe.

Maybe somebody is able to help us soon.....???

I really like to backup my certificate to a safe place.

Thanks from kulaworld

Offline richard81

  • Newbie
  • *
  • Posts: 1
Re: Can't export private key
« Reply #2 on: March 16, 2008, 09:53:21 AM »
Same problem here. I am using Windows Vista Business with IE7.

Offline Rachel Heath

  • Newbie
  • *
  • Posts: 1
Re: Can't export private key
« Reply #3 on: March 25, 2008, 10:19:30 PM »
Contact support and ask them to revoke the certificate.

Once done re-request the certificate and ensure you open the Advanced Private Key Options area BEFORE you submit the request. You'll see amongst the items displayed you'll have a checkbox (already checked) for Exportable? which you can leave checked.

That's all you need to do folks  :BNC It looks like the default behavior is to Not allow the Private Key to be exportable.

With thanks to Mark at Technical support for taking me though that one.   (:CLP)

Rachel


Offline kulaworld

  • Newbie
  • *
  • Posts: 5
Re: Can't export private key
« Reply #4 on: April 05, 2008, 07:58:26 PM »
Hi Rachel,

thanks for your help, muchly appreciated.

I had my certificate revoked.
I also removed the certificate from the personal certificates list.
So far I have not requested a new certificate.

One thing is not so clear to me now.
B.t.w. I have IE7.

Under Certificates, Advanced Options, it shows me a list called Certificate purposes (all items are checked),
but none of these "purposes" is called exportable.
Am I looking in the wrong spot here?
Did I miss something?

Further help will be appreciated.

Regards,
kulaworld





Offline rblevow

  • Newbie
  • *
  • Posts: 2
Re: Can't export private key
« Reply #5 on: August 16, 2008, 10:30:29 PM »
Kulaworld,

Yes, you're looking in the wrong place.  The option is on the certificate request form, but only if you are using Internet Explorer, not with Thunderbird.  When applying for a certificate using Internet Explorer, there is a request to allow the Active-X Control "Certificate Enrollment Control".  When it installs, a link for Advanced Private Key Options appears immediately above the section for the Revocation Password.  Clicking on the link opens a form with options for CSP, Key Size, Exportable, and User Protected.  When Firefox is used with the default rendering engine, there is only an option for key size.  Using the IE engine in Firefox for the same page gets the advanced options link.

Offline gordon2008

  • Comodo Member
  • **
  • Posts: 47
Re: Can't export private key
« Reply #6 on: November 19, 2008, 09:34:35 AM »
Hi,

Active X should be enabled on IE or you have to add www.comodo.com. support.comodo.com as trust web site on IE browser options of trusted site.

If you find a problem in applying the certificate, then please let me know your exact browser version


Offline PKIGURU

  • Newbie
  • *
  • Posts: 1
Re: Can't export private key
« Reply #7 on: May 27, 2009, 11:05:27 AM »
Looks like the issue is on the pc and how your private key is mathematically challenged with the public key. At some point, you cannot put them toghether, as you have lost access to your private key.

Solution:

From your DOS command line prompts, Copy and paste this command line. It will reassign your private key access to your account. Then try to export your cert from your browser. You should have the private key option available

cacls "%USERPROFILE%\Application Data\Microsoft\Crypto\RSA" /T /E /C /G "%USERDOMAIN%\%USERNAME%":F
( there is one space between G and the next “
Let me know if this helps

PKIGURU

Offline Gentil Kiwi

  • Newbie
  • *
  • Posts: 1
Re: Can't export private key
« Reply #8 on: October 22, 2010, 05:08:29 PM »
Just for the fun to export when the private key is greyed out  >:-D

A new version that support CNG & CryptoAPI :)

  • download (and launch with administrative privileges) : http://blog.gentilkiwi.com/mimikatz (trunk version for last version)
  • privilege::debug (or not if you're already system or target only CryptoApi)
  • crypto::patchcng (nt 6) and/or crypto::patchcapi (nt 5 & 6)
  • crypto::exportCertificates and/or crypto::exportCertificates CERT_SYSTEM_STORE_LOCAL_MACHINE

pfx files are passwords protected "mimikatz"  88)
Regards
« Last Edit: December 14, 2011, 06:27:33 PM by Gentil Kiwi »

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek