Solved

Export Certificate from MIcrosoft CA

Posted on 2007-11-14
3
7,709 Views
Last Modified: 2013-12-04
How can i export certificates from a CA for intall it in another computer??

i only can export in binary mode, but i cant export with private key for use as a EFS  recovery agent.

0
Comment
Question by:jmatarranz
  • 2
3 Comments
 

Author Comment

by:jmatarranz
ID: 20280886
we need export it from CA issues certs, not from personal where the cert had been created.

0
 
LVL 4

Accepted Solution

by:
poseidoncanuck earned 500 total points
ID: 20296233
I'll try to answer your question, but I'm not entirely sure what you're trying to do.  Are you trying to:
(1) Get a copy of one or more user or computer certificates that have already been issued by the CA?
(2) Get a copy of one or more user/computer certificates + its associated private key?
(3) Make a backup or a copy of the CA, by copying the certificate + private key for the CA itself (i.e. the key used to sign digital certificates)?
(4) Publish the CA's certificate, so that it can be installed on various computers to enable trust for the certificates issued by the CA?

For (1), you could simply use the Certificate Authority management console (MMC), look in the Issued Certificates folder, select the certificate(s) you want, and export them.
For (2), you would have to have enabled autoenrollment for a "version 2" certificate, and also would have to have created one or more Key Recovery Agent certificates.  Then anyone with a valid, configured Key Recovery Agent's private key would be able to export a copy of the user/computer keypair + certificate.
For (3), I would explore the use of the CERTUTIL.EXE command, running from a command line console (CMD.EXE) on the CA's server itself.  One of its many parameters should allow you to export the private key and certificate.
For (4), there should be many different ways to retrieve the CA's public certificate, including using the Certificates management console on the CA (select Computer role), or use the Certificate Authority console and right-click on the CA itself.  Other approaches are possible as well.

And, is this question specific to EFS, or are you doing something that is for uses other than just EFS?
0
 

Author Comment

by:jmatarranz
ID: 20296718
i'm trying to export certs with private key from CA issued certificates. With "export to binary" action i only export cert, but not private key.

I have enabled autoenrollment for EFS use.

we use CA for more uses, but this question is specific for EFS.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now