Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2835 Discussions

Cannot export AMT certificate private key from Go Daddy certificate

MLecl1
Novice
‎03-13-2012 12:59 AM
2,330 Views

Hello,

My company has bought a certificate for AMT provisioning and I need to export the certificate to a .pfx file for use with SCCM.

My problem is that the private key is marked as not exportable.

I installed the certificate by running the mmc snap-in certificates.

 

Then I ran certutil -repairstore my "SerialNumber"

The certificate is now displayed in IIS7 but private key is not exportable.

How can I solve This ? Do I miss something ?

Best regards,

0 Kudos

Link Copied

3 Replies
idata
Employee
‎03-14-2012 08:49 AM
822 Views

Hi LMichel,

When you generated the CSR, under the Key Options you want to make sure you selected "Make Private Key Exportable"

Then when you complete the request on the machine you generated the CSR from and install the cert, you should be able to right click the certificate from the cert store and choose export:

And finally, the option to export the private key should be available:

If your import/install of the certificate is working fine and you still do not see that option to Export the private key, I would double check that CSR.

thanks!

Josh

151621.zip
0 Kudos
Copy link
MLecl1
Novice
‎03-16-2012 09:50 AM
822 Views
In response to idata

Hi Jos,

So, if my understanding is right, you use the certificates snap-in to generate the request.

On my side, I followed the instruction from Go Daddy here : http://support.godaddy.com/help/5343 http://support.godaddy.com/help/5343 and here : http://support.godaddy.com/help/4800 http://support.godaddy.com/help/4800

Following these instruction does not allow to specify that the private key has to be exportable.

Is there something wrong with the Go Daddy documentation ?

I finally solved my issue regenerating a new csr according to these instructions :

http://social.technet.microsoft.com/wiki/contents/articles/requesting-an-amt-provisioning-certificate-using-a-windows-server-2008-ca.aspx http://social.technet.microsoft.com/wiki/contents/articles/requesting-an-amt-provisioning-certificate-using-a-windows-server-2008-ca.aspx

The certificate was re-keyed using this new csr and worked like a charm

Thanks for your help

Michel

In response to idata
0 Kudos
Copy link
idata
Employee
‎03-16-2012 03:08 PM
822 Views
In response to MLecl1

That is great to hear!

Josh

In response to MLecl1
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.