My company has bought a certificate for AMT provisioning and I need to export the certificate to a .pfx file for use with SCCM.
My problem is that the private key is marked as not exportable.
I installed the certificate by running the mmc snap-in certificates.
Then I ran certutil -repairstore my "SerialNumber"
The certificate is now displayed in IIS7 but private key is not exportable.
How can I solve This ? Do I miss something ?
When you generated the CSR, under the Key Options you want to make sure you selected "Make Private Key Exportable"
Then when you complete the request on the machine you generated the CSR from and install the cert, you should be able to right click the certificate from the cert store and choose export:
And finally, the option to export the private key should be available:
If your import/install of the certificate is working fine and you still do not see that option to Export the private key, I would double check that CSR.
So, if my understanding is right, you use the certificates snap-in to generate the request.
On my side, I followed the instruction from Go Daddy here : http://support.godaddy.com/help/5343 http://support.godaddy.com/help/5343 and here : http://support.godaddy.com/help/4800 http://support.godaddy.com/help/4800
Following these instruction does not allow to specify that the private key has to be exportable.
Is there something wrong with the Go Daddy documentation ?
I finally solved my issue regenerating a new csr according to these instructions :
The certificate was re-keyed using this new csr and worked like a charm
Thanks for your help