Link to home
Create AccountLog in
Microsoft Excel

Microsoft Excel

--

Questions

--

Followers

Top Experts

Avatar of camilorgp
camilorgp🇺🇸

Cannot Export Private Key from certificate created with Microsoft Certificate Services
I have created a certificate for code signing using my own installation of Microsoft Certificate Services (http://myserver/certsrv).

Im using the advanced certificate request option with the following options selected:

Certificate Template:
 Code Signing
Key Options:
 Create a new key set
 Key size 1024
 Automatic key container name
Additional Options:
 Request Format: CMC
 Hash: SHA-1

At the end of the request the process installs the certificate in the PC that Im using, but then I have to export that certificate as I need to use it to sign code in other PCs, and when I use the export option in the certificates tab from IE, I can select the yes, export the private key option (see attached picture).

This effectivily prevents me from using the exported certificate to sign anything in any other PC, because when I try to use the exported certificate to sign code, it comes back with the following error "There was a problem with the digital certificate. The VBA project could not be signed. The signature will be discarded".

My question:
How can I generate a certificate using Microsoft Certificate Services that allows me to export the private key?

PrivateKeyIssue.jpg

Zero AI Policy

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

Avatar of John Gates, CISSP, CISM, CDPSEJohn Gates, CISSP, CISM, CDPSE🇺🇸

You should try to create the certificate then install it manually afterward.  It is during the import process that it should ask if you want to make the private key exportable.  It is possible that the auto import is defaulting to "Do not allow export of private key".

-D-
Avatar of camilorgpcamilorgp🇺🇸

ASKER

Hello Dimante,

I was reviewing the process to create the certificate, and as you know in Microsoft Certificate Services this is done through a website (http://myserver/certsrv). At the end of the process when the certificate is created it just gives me a link that says "install certificate". What I have been doing is clicking on that link as the only way to install the new certificate.

Now if I'm not mistaken what you propose is not to click on this link, but then another question arises:
If I don't get the certificate through this link How can I get the certificate out of Microsoft Certificate Services Server??
Avatar of John Gates, CISSP, CISM, CDPSEJohn Gates, CISSP, CISM, CDPSE🇺🇸

Right click the link and save it to disk?
Reward 1Reward 2Reward 3Reward 4Reward 5Reward 6

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

Avatar of camilorgpcamilorgp🇺🇸

ASKER

Unfortunately this link only allows a regular click. The right click has no effect whatsoever over this link, meaning that a pop up menu doesn't come up when I right click it. Please check the link Im talking about in the image attached.



Install-Certificate.jpg
Avatar of camilorgpcamilorgp🇺🇸

ASKER

Also please check the options that I have when I choose to create a "Code Signing" certificate. (Microsoft CA Options image). It comes to my attention that there is an option to specifically be able to export the keys but is gray out, and it is gray out only when I select the code signing option. Does that mean that what I'm trying to do is simply not possible????
MicrosoftCA-Options.jpg
Avatar of John Gates, CISSP, CISM, CDPSEJohn Gates, CISSP, CISM, CDPSE🇺🇸

What happens when you click the radio button "User specified key container name"  Does that enable the mark keys checkbox?
Free T-shirt

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

Avatar of camilorgpcamilorgp🇺🇸

ASKER

No, when I check that radio button it only adds a question about the container name, but the "mark keys as exportable" option remains gray out.

ASKER CERTIFIED SOLUTION
Avatar of John Gates, CISSP, CISM, CDPSEJohn Gates, CISSP, CISM, CDPSE🇺🇸

Link to home
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Create Account
Avatar of camilorgpcamilorgp🇺🇸

ASKER

Thank you very much Dimante, you are right this is the solution to my problem. I was beginning to think that it was not possible.

Avatar of John Gates, CISSP, CISM, CDPSEJohn Gates, CISSP, CISM, CDPSE🇺🇸

Glad that is working for you now 8)  

Happy Computing!
-D-
Reward 1Reward 2Reward 3Reward 4Reward 5Reward 6

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

Microsoft Excel

Microsoft Excel

--

Questions

--

Followers

Top Experts

Microsoft Excel topics include formulas, formatting, VBA macros and user-defined functions, and everything else related to the spreadsheet user interface, including error messages.