When trying to export my certificate through IE, I follow the instructions, but when the Wizard comes up the option to Export the Private key is greyed out and it says below.
Note: The associated private key is marked as not exportable. Only the certificate can be exported.
Is there anyway around this, I know that it is not a full backup if the private key isn’t included.
Contact support and ask them to revoke the certificate.
Once done re-request the certificate and ensure you open the Advanced Private Key Options area BEFORE you submit the request. You’ll see amongst the items displayed you’ll have a checkbox (already checked) for Exportable? which you can leave checked.
That’s all you need to do folks :BNC It looks like the default behavior is to Not allow the Private Key to be exportable.
With thanks to Mark at Technical support for taking me though that one. (:CLP)
I had my certificate revoked.
I also removed the certificate from the personal certificates list.
So far I have not requested a new certificate.
One thing is not so clear to me now.
B.t.w. I have IE7.
Under Certificates, Advanced Options, it shows me a list called Certificate purposes (all items are checked),
but none of these “purposes” is called exportable.
Am I looking in the wrong spot here?
Did I miss something?
Yes, you’re looking in the wrong place. The option is on the certificate request form, but only if you are using Internet Explorer, not with Thunderbird. When applying for a certificate using Internet Explorer, there is a request to allow the Active-X Control “Certificate Enrollment Control”. When it installs, a link for Advanced Private Key Options appears immediately above the section for the Revocation Password. Clicking on the link opens a form with options for CSP, Key Size, Exportable, and User Protected. When Firefox is used with the default rendering engine, there is only an option for key size. Using the IE engine in Firefox for the same page gets the advanced options link.
Looks like the issue is on the pc and how your private key is mathematically challenged with the public key. At some point, you cannot put them toghether, as you have lost access to your private key.
Solution:
From your DOS command line prompts, Copy and paste this command line. It will reassign your private key access to your account. Then try to export your cert from your browser. You should have the private key option available
cacls “%USERPROFILE%\Application Data\Microsoft\Crypto\RSA” /T /E /C /G “%USERDOMAIN%%USERNAME%”:F
( there is one space between G and the next “
Let me know if this helps