Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Export Certificate from MIcrosoft CA

Posted on 2007-11-14
3
Medium Priority
?
8,488 Views
Last Modified: 2013-12-04
How can i export certificates from a CA for intall it in another computer??

i only can export in binary mode, but i cant export with private key for use as a EFS  recovery agent.

0
Comment
Question by:jmatarranz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Author Comment

by:jmatarranz
ID: 20280886
we need export it from CA issues certs, not from personal where the cert had been created.

0
 
LVL 4

Accepted Solution

by:
poseidoncanuck earned 1500 total points
ID: 20296233
I'll try to answer your question, but I'm not entirely sure what you're trying to do.  Are you trying to:
(1) Get a copy of one or more user or computer certificates that have already been issued by the CA?
(2) Get a copy of one or more user/computer certificates + its associated private key?
(3) Make a backup or a copy of the CA, by copying the certificate + private key for the CA itself (i.e. the key used to sign digital certificates)?
(4) Publish the CA's certificate, so that it can be installed on various computers to enable trust for the certificates issued by the CA?

For (1), you could simply use the Certificate Authority management console (MMC), look in the Issued Certificates folder, select the certificate(s) you want, and export them.
For (2), you would have to have enabled autoenrollment for a "version 2" certificate, and also would have to have created one or more Key Recovery Agent certificates.  Then anyone with a valid, configured Key Recovery Agent's private key would be able to export a copy of the user/computer keypair + certificate.
For (3), I would explore the use of the CERTUTIL.EXE command, running from a command line console (CMD.EXE) on the CA's server itself.  One of its many parameters should allow you to export the private key and certificate.
For (4), there should be many different ways to retrieve the CA's public certificate, including using the Certificates management console on the CA (select Computer role), or use the Certificate Authority console and right-click on the CA itself.  Other approaches are possible as well.

And, is this question specific to EFS, or are you doing something that is for uses other than just EFS?
0
 

Author Comment

by:jmatarranz
ID: 20296718
i'm trying to export certs with private key from CA issued certificates. With "export to binary" action i only export cert, but not private key.

I have enabled autoenrollment for EFS use.

we use CA for more uses, but this question is specific for EFS.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question