Solved

Export Certificate from MIcrosoft CA

Posted on 2007-11-14
3
8,204 Views
Last Modified: 2013-12-04
How can i export certificates from a CA for intall it in another computer??

i only can export in binary mode, but i cant export with private key for use as a EFS  recovery agent.

0
Comment
Question by:jmatarranz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Author Comment

by:jmatarranz
ID: 20280886
we need export it from CA issues certs, not from personal where the cert had been created.

0
 
LVL 4

Accepted Solution

by:
poseidoncanuck earned 500 total points
ID: 20296233
I'll try to answer your question, but I'm not entirely sure what you're trying to do.  Are you trying to:
(1) Get a copy of one or more user or computer certificates that have already been issued by the CA?
(2) Get a copy of one or more user/computer certificates + its associated private key?
(3) Make a backup or a copy of the CA, by copying the certificate + private key for the CA itself (i.e. the key used to sign digital certificates)?
(4) Publish the CA's certificate, so that it can be installed on various computers to enable trust for the certificates issued by the CA?

For (1), you could simply use the Certificate Authority management console (MMC), look in the Issued Certificates folder, select the certificate(s) you want, and export them.
For (2), you would have to have enabled autoenrollment for a "version 2" certificate, and also would have to have created one or more Key Recovery Agent certificates.  Then anyone with a valid, configured Key Recovery Agent's private key would be able to export a copy of the user/computer keypair + certificate.
For (3), I would explore the use of the CERTUTIL.EXE command, running from a command line console (CMD.EXE) on the CA's server itself.  One of its many parameters should allow you to export the private key and certificate.
For (4), there should be many different ways to retrieve the CA's public certificate, including using the Certificates management console on the CA (select Computer role), or use the Certificate Authority console and right-click on the CA itself.  Other approaches are possible as well.

And, is this question specific to EFS, or are you doing something that is for uses other than just EFS?
0
 

Author Comment

by:jmatarranz
ID: 20296718
i'm trying to export certs with private key from CA issued certificates. With "export to binary" action i only export cert, but not private key.

I have enabled autoenrollment for EFS use.

we use CA for more uses, but this question is specific for EFS.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question