Export Certificate with Private Key from CA Management MMC

Hello,
We have an Enterprise Certificate Authority installed in our Windows
2003 Domain. I have minted some Client Authentication certificates,
and I have marked the private keys as exportable.

I am able to install the certs using the web certificate service
(https://CA/certsrv), and I am able to export the certificate and
private key from my computer's local certificate store.

However, I am trying to mint the cert for someone else, as an
administrator, and I want to be able to export the certificate and
private key directly from the CA, rather than installing the
certificates locally on my machine and then exporting them.

Is there a way to export the certificate and private key directly from
the CA, rather than installing it locally on my workstation and
exporting it that way?

The only option I've been able to find is to copy the certificate to a
file, but my options are .CER or .P7B, and I'd like to export it
as .PFX so that I can get the private key.

Thanks.
AlanW
2/17/2010 5:28:57 PM

Hi Alan,

Yes, that is correct - by default the Webserver certificate does not allow 
exporting the private key, which is good from a security perspective ;-)

If you do need that feature in your environment, you need to create a new 
Webserver template on your CA and enable the "export private key" property.
Just use the current Webserver certificate template and create a new one, 
then you should be able to configure this.

Regards
Ramazan

RCan
2/18/2010 12:50:16 PM
Hi
Additionally you may start thinking about KRA and Key archival.

-- 

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

Jorge
2/18/2010 5:38:20 PM
Jorge,
Thanks very much for your input.
It looks like you are correct on your second post. I need to archive
the keys, and use a key recovery agent to restore the certificate with
the private key.
This should do what I need.
I was hoping that there was an easy way to export the certificate with
the Private key directly from the Management console on the CA server,
but it's not looking as though it's possible.
Thanks
AlanW
2/23/2010 7:01:42 PM
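
The key archival and recovery route the thread settles on, as an added example that is not part of the original posts: a PowerShell wrapper around the two `certutil` steps, `-getkey` (fetch the encrypted recovery blob from the CA database) and `-recoverkey` (decrypt it with a Key Recovery Agent key and write a PFX). It assumes key archival was already enabled on the CA and on the certificate template when the certificate was issued, since keys that were never archived cannot be recovered; the parameter names and file paths are hypothetical.

```powershell
# Added example: recover an archived private key as a .PFX through a
# Key Recovery Agent (KRA). Parameter names and paths are assumptions.
param(
    [Parameter(Mandatory=$true)][string]$SerialNumber,  # serial number of the issued certificate
    [Parameter(Mandatory=$true)][string]$CAConfig,      # CA config string, "CAHostName\CA Name"
    [Parameter(Mandatory=$true)][string]$PfxPath        # where the recovered PFX is written
)

# Temporary file for the recovery blob (hypothetical location).
$blob = Join-Path $env:TEMP ("recovery-{0}.blob" -f $SerialNumber)

try {
    # Step 1: run as a certificate manager on the CA. The blob returned by
    # -getkey is still encrypted to the KRA certificate(s); no private key
    # is exposed at this point.
    & certutil.exe -config $CAConfig -getkey $SerialNumber $blob
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -getkey failed ($LASTEXITCODE). Was the key archived at issuance?"
    }

    # Step 2: run in the profile of a user who holds a KRA private key.
    # certutil prompts for the password that will protect the PFX, so the
    # password never appears on the command line or in shell history.
    & certutil.exe -recoverkey $blob $PfxPath
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -recoverkey failed ($LASTEXITCODE). Is a KRA private key available to this user?"
    }

    Write-Output "Recovered key written to $PfxPath"
}
finally {
    # Remove the intermediate blob once recovery has been attempted.
    if (Test-Path $blob) { Remove-Item $blob -Force }
}
```

The two steps can be run by different people (certificate manager for `-getkey`, KRA holder for `-recoverkey`), which keeps any single administrator from pulling user keys alone.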