Cannot export private key (Greyed Out)

I purchased a Corporate Secure Email Certificate for a user using the “Microsoft Enhanced Cryptographic Provider v1.0”. I made sure the “6. Is Private Key “Exportable”?” option was checked.

They received the email and clicked on the link, which opened up Google Chrome and they downloaded the certificate to a “user.crt” file in their downloads folder.

When importing this certificate, it does not place the certificate in the “Personal” but in the “Other Users”.

When trying to export the private key (*.pfx), the option is greyed out. We can only export as a *.cer or *.p7b file.

How do we uninstall/reinstall/fix this problem, besides re-issuing a new certificate, and making sure to download/import it with IE?

I believe your only course of action is revoke the certificate and try again this time using IE or Firefox as no other browser reliably works with browser-based Certificate Enrollment outside of these two. However, if there is a re-issue option, then that would be the best course of action. Otherwise, you will need to take the aforementioned steps of revoke and re-invite user.

You should be able to email refunds[at]comodo[dot]com to get the funds put back in to your EPKI acct.

Thanks Sal! I spoke with Comodo on chat and they helped me revoke the certificate, and instructed me to request a refund as you did. I’ve purchased another certificate and will personally install it for my user.

Just surfed by this, in my search for an answer to another question.

I don’t know if this is relevant for you, but I once had a similar problem, where the solution was to run the command

certutil -repairstore my "id"

Where you have to replace the “id” with the actual id of the certificate (which can be found via the Certificates snap-in within MMC, on the details tab on the properties page for the certificate). The id must be inclosed within double-quotes for the command to work.

This allowed me to export my certificate including the private key, and hopefully, this information can help someone else.

I want to confirm using IE was the right way after revokation and regeneration to collect cert properly WITH private key and then for me import it correctly into Thunderbird -THANKS (■■■■ IE, havent tried with EDGE though)