Certutil keeps prompting for a smart card

I'm trying to run certutil -repairstore My "<serial>"  for a particular SSL certificate in my store.  I can't seem to obtain a good PFX export that I can transfer to other web servers.

How can I disable the call for a smart card?
smartcard.PNG
smartcardresult.PNG
LVL 5
Eric GreeneDirector of TechnologyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
that certificate was issued by rapidssl not your local CA.
note: rapid SSL you will get errors on other servers as the CN will not contain the other servers name

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
to export PFX with the private key, you need to be the owner and has authorised rights to it. apparently the cert (based on the CN) is RapidSSL. Unless you are the owner, apparently not then you will not be able to retrieve the key. Furthermore, the cert is issued with private key in smartcard and not in PC hence it cannot be exported (supposedly by default for smartcard even if you have the correct PIN to access the card). You can at most get the public cert instead via the browser
Eric GreeneDirector of TechnologyAuthor Commented:
Well, I can only infer from your answers that it's not possible to disable the smartcard prompt using certutil.  That's fine since I found another way.

In case anyone is interested in knowing, the reason I couldn't extract the key is because the key did not exist on my system since I used a CSR generator to create the request.  When you use IIS to create the request it automatically stores the key on the server that created the request.

1. I had to have the certificate re-issued using the CSR generated by IIS

2. then I was able to complete the request in IIS

3. I could then use OpenSSL to derive the key and generate a PFX file for use on other Windows servers on my network


Thank you for chiming in.  You guys filled a couple of holes in my knowledge anyway.
btanExec ConsultantCommented:
Thanks for sharing - this is another this article for the IIS CSR too
(there is the pfx export steps as well near end of doc) :)
https://www.digicert.com/ssl-certificate-installation-microsoft-iis-7.htm
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.