Windows 10: Manual Certificate Request, User can change settings and export Private Key

Hi,

today I have recognized that when our users manually request a certificate they can also change the request settings and select the private key to be exportable. How can I prevent this ?





The situation is the same with users that have local administrator rights. If they request a computer certificate, they can also change the settings and make the private key exportable.

Thank you for your answers :-

:)

 

how do I export certificates and/or private keys?

Hi,

Thank you for posting your query on Microsoft Community. Let me assist you.

I suggest you to follow the below steps to export a certificate with a private key

1. Open the Certificates console for the user, computer, or service you want to manage.

2. In the console pane, select the certificate store and container holding the certificate that you want to export.

3. In the details pane, click the certificate you want to export.

4. On the Action menu, point to
All Tasks, and then click Export.

5. In the Certificate Export Wizard, click
Yes, export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)

6. Under Export File Format, do one or all of the following, and then click
Next.

• To include all certificates in the certification path, select the
  Include all certificates in the certification path if possible check box.
• To enable strong protection, select the Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above) check box.
• To delete the private key if the export is successful, select the
  Delete the private key if the export is successful check box.

7.In Password, type a password to encrypt the private key you are exporting. In
Confirm password, type the same password again, and then click
Next.

8. In File name, type a file name and path for the PKCS #12 file that will store the exported certificate and private key, click
Next, and then click Finish.

Hope this information is helpful. Please do let us know if you need further assistance, we’ll be glad to assist you.

 

How to export Private Key

Hello,

I have configured a Windows Server 2012R2 Certificate Services computer and created a template to issue certificates and checked the box to allow the private key to be exported.

When I use the certificate manager on my Windows 10 tablet the option to select and export format that allows exporting the private key is not selectable. it is grayed out.

What am I doing wrong?

Thanks

 

Cannot Export / Backup my EFS certificate private key

Windows 10 Pro
1909

Hi Folks,

I am trying to export my EFS certificate as a backup, however I am having no joy.

Note: I can encrypt and decrypt files using EFS no problem using my account.

Trying in Certificate Manger:

certmgr.exe (As Administrator)
Personal / Certificates
Right click the EFS cert / Export

The option to export the private key is greyed out, with a note:

The associated private key is marked as not exportable. Only the certificate can be exported

Using cipher.exe:

cipher /x c:\temp\EFSCertBack

Error: Key not valid for use in specified state.

Before I decrypt all of my EFS files and start a fresh any ideas?

Cheers