Community
cancel
Showing results for 
Search instead for 
Did you mean: 
MLecl1
Novice
1,595 Views

Cannot export AMT certificate private key from Go Daddy certificate

Hello,

My company has bought a certificate for AMT provisioning and I need to export the certificate to a .pfx file for use with SCCM.

My problem is that the private key is marked as not exportable.

I installed the certificate by running the mmc snap-in certificates.

 

Then I ran certutil -repairstore my "SerialNumber"

The certificate is now displayed in IIS7 but private key is not exportable.

How can I solve This ? Do I miss something ?

Best regards,

0 Kudos
3 Replies
idata
Community Manager
87 Views

Hi LMichel,

When you generated the CSR, under the Key Options you want to make sure you selected "Make Private Key Exportable"

Then when you complete the request on the machine you generated the CSR from and install the cert, you should be able to right click the certificate from the cert store and choose export:

And finally, the option to export the private key should be available:

If your import/install of the certificate is working fine and you still do not see that option to Export the private key, I would double check that CSR.

thanks!

Josh

MLecl1
Novice
87 Views

Hi Jos,

So, if my understanding is right, you use the certificates snap-in to generate the request.

On my side, I followed the instruction from Go Daddy here : http://support.godaddy.com/help/5343 http://support.godaddy.com/help/5343 and here : http://support.godaddy.com/help/4800 http://support.godaddy.com/help/4800

Following these instruction does not allow to specify that the private key has to be exportable.

Is there something wrong with the Go Daddy documentation ?

I finally solved my issue regenerating a new csr according to these instructions :

http://social.technet.microsoft.com/wiki/contents/articles/requesting-an-amt-provisioning-certificat... http://social.technet.microsoft.com/wiki/contents/articles/requesting-an-amt-provisioning-certificat...

The certificate was re-keyed using this new csr and worked like a charm

Thanks for your help

Michel

idata
Community Manager
87 Views

That is great to hear!

Josh

Reply