Solved

Export Certificate from MIcrosoft CA

Posted on 2007-11-14
3
8,009 Views
Last Modified: 2013-12-04
How can i export certificates from a CA for intall it in another computer??

i only can export in binary mode, but i cant export with private key for use as a EFS  recovery agent.

0
Comment
Question by:jmatarranz
  • 2
3 Comments
 

Author Comment

by:jmatarranz
ID: 20280886
we need export it from CA issues certs, not from personal where the cert had been created.

0
 
LVL 4

Accepted Solution

by:
poseidoncanuck earned 500 total points
ID: 20296233
I'll try to answer your question, but I'm not entirely sure what you're trying to do.  Are you trying to:
(1) Get a copy of one or more user or computer certificates that have already been issued by the CA?
(2) Get a copy of one or more user/computer certificates + its associated private key?
(3) Make a backup or a copy of the CA, by copying the certificate + private key for the CA itself (i.e. the key used to sign digital certificates)?
(4) Publish the CA's certificate, so that it can be installed on various computers to enable trust for the certificates issued by the CA?

For (1), you could simply use the Certificate Authority management console (MMC), look in the Issued Certificates folder, select the certificate(s) you want, and export them.
For (2), you would have to have enabled autoenrollment for a "version 2" certificate, and also would have to have created one or more Key Recovery Agent certificates.  Then anyone with a valid, configured Key Recovery Agent's private key would be able to export a copy of the user/computer keypair + certificate.
For (3), I would explore the use of the CERTUTIL.EXE command, running from a command line console (CMD.EXE) on the CA's server itself.  One of its many parameters should allow you to export the private key and certificate.
For (4), there should be many different ways to retrieve the CA's public certificate, including using the Certificates management console on the CA (select Computer role), or use the Certificate Authority console and right-click on the CA itself.  Other approaches are possible as well.

And, is this question specific to EFS, or are you doing something that is for uses other than just EFS?
0
 

Author Comment

by:jmatarranz
ID: 20296718
i'm trying to export certs with private key from CA issued certificates. With "export to binary" action i only export cert, but not private key.

I have enabled autoenrollment for EFS use.

we use CA for more uses, but this question is specific for EFS.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question