Solved

Export Certificate from MIcrosoft CA

Posted on 2007-11-14
3
8,138 Views
Last Modified: 2013-12-04
How can i export certificates from a CA for intall it in another computer??

i only can export in binary mode, but i cant export with private key for use as a EFS  recovery agent.

0
Comment
Question by:jmatarranz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Author Comment

by:jmatarranz
ID: 20280886
we need export it from CA issues certs, not from personal where the cert had been created.

0
 
LVL 4

Accepted Solution

by:
poseidoncanuck earned 500 total points
ID: 20296233
I'll try to answer your question, but I'm not entirely sure what you're trying to do.  Are you trying to:
(1) Get a copy of one or more user or computer certificates that have already been issued by the CA?
(2) Get a copy of one or more user/computer certificates + its associated private key?
(3) Make a backup or a copy of the CA, by copying the certificate + private key for the CA itself (i.e. the key used to sign digital certificates)?
(4) Publish the CA's certificate, so that it can be installed on various computers to enable trust for the certificates issued by the CA?

For (1), you could simply use the Certificate Authority management console (MMC), look in the Issued Certificates folder, select the certificate(s) you want, and export them.
For (2), you would have to have enabled autoenrollment for a "version 2" certificate, and also would have to have created one or more Key Recovery Agent certificates.  Then anyone with a valid, configured Key Recovery Agent's private key would be able to export a copy of the user/computer keypair + certificate.
For (3), I would explore the use of the CERTUTIL.EXE command, running from a command line console (CMD.EXE) on the CA's server itself.  One of its many parameters should allow you to export the private key and certificate.
For (4), there should be many different ways to retrieve the CA's public certificate, including using the Certificates management console on the CA (select Computer role), or use the Certificate Authority console and right-click on the CA itself.  Other approaches are possible as well.

And, is this question specific to EFS, or are you doing something that is for uses other than just EFS?
0
 

Author Comment

by:jmatarranz
ID: 20296718
i'm trying to export certs with private key from CA issued certificates. With "export to binary" action i only export cert, but not private key.

I have enabled autoenrollment for EFS use.

we use CA for more uses, but this question is specific for EFS.
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question