i was able to export from IE way back in october in this
format. now when i look at the options, it is not
available as a selection in the export wizard. the
certificate i am attempting to export is the same one.
the only changes would have been hotfixes and xp sp's.

i am running ie 6.x with xp pro current patches.

can anyone provide any info?

RE: Export cert to pkcs12 format by vivienw

vivienw
Wed Jul 02 00:58:51 CDT 2003

Hello,

This problem can occur if, when the certificate was imported, the option to
allow the private key to be exported was unchecked. This is a
security measure to prevent a possible compromise of the server's private
key. Since this could be a potential security risk, the option to mark the
private key as exportable is not checked by default.

To work around the issue, you will need access to the original certificate
backup (.pfx) file. To ensure this problem does not happen in the future
(should you want to export the private key again) make sure during the
import process that you select the box "mark the private key as exportable".

For related information, you can also view the article below.

MakeCert

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/makecert.asp


Sincerely,

Vivien Wu
MCSA, MCSE2000 and MCDBA2000
Microsoft Partner Online Support


Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please Reply to Group via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided AS IS with no warranties, and confers no rights.
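
The exportable marking described in the reply above can also be inspected from the command line. This is an added example, not part of the original thread or of any poster's reply; it assumes a current Windows version with PowerShell and the PKI module (the thread itself concerns IE 6 on XP), and the function names and the .pfx path are hypothetical.

```powershell
# Added example: for each certificate in a store, report whether a private key
# is present and whether that key is marked exportable.
function Get-KeyExportability {
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert  = $_
        $state = 'NoPrivateKey'      # public certificate only: no key to put in a PKCS #12 file
        if ($cert.HasPrivateKey) {
            $state = 'Unknown'       # non-RSA key, or the provider could not be opened
            try {
                $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
                if ($key -is [System.Security.Cryptography.RSACng]) {
                    # CNG key: the export policy is a flags enum
                    $allow = [System.Security.Cryptography.CngExportPolicies]::AllowExport
                    $state = if ($key.Key.ExportPolicy -band $allow) { 'Exportable' } else { 'NotExportable' }
                }
                elseif ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                    # Legacy CSP key: the container records the exportable flag
                    $state = if ($key.CspKeyContainerInfo.Exportable) { 'Exportable' } else { 'NotExportable' }
                }
            }
            catch { $state = 'Unknown' }
        }
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            PrivateKey = $state
        }
    }
}

# Re-import the original backup with the key marked exportable, the command-line
# counterpart of ticking "mark the private key as exportable" in the import wizard.
function Import-ExportablePfx {
    param([Parameter(Mandatory)][string]$PfxPath)   # e.g. C:\backup\original.pfx (placeholder)

    $password = Read-Host -AsSecureString -Prompt 'PFX password'
    Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation 'Cert:\CurrentUser\My' `
        -Password $password -Exportable
}

Get-KeyExportability | Format-Table -AutoSize
```

A certificate reported as `NoPrivateKey` was imported without its key, and one reported as `NotExportable` has to be re-imported from the original .pfx backup before a PKCS #12 export is offered.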


Re: Export cert to pkcs12 format by Michel

Michel
Wed Jul 02 12:25:58 CDT 2003

"Mike Cipriani" <cipriani.ma@mellon.com> wrote in message
news:000001c340bc$37484ba0$a501280a@phx.gbl...
>
> i have also imported the cert to other pc's and tried to
> export from there and ran into the same issue, but this
> could be because it is not in the personal store on those
> other pc's.
>
How did you do that? (imported the cert to other pcs if you
can't export the private key?)
If you imported just the public certificate, you obviously would
not be able to get any private key.
- Mitch



Re: Export cert to pkcs12 format by Mike

Mike
Wed Jul 02 16:26:06 CDT 2003

Sorry for not being clear. i was just trying to do an
export on another pc with any cert on that machine and
the option to export in the pkcs12 format is disabled.

the only common denominator on all the pc's, including my
home pc, is the patch/hotfix level for XP. all machines
are current.

fortunately, i was able to export the netscape code
signing cert in pkcs12 format, and that one seems to be
working. strange thing is that back in october of 2002,
the reason we used the IE cert was that the netscape one
would not work.

go figure. maybe whatever patch that hosed the IE export
for the pkcs12 fixed the netscape export (not bloody
likely though).

at this point, i am more curious than concerned since i
have a pkcs12 export that works.

sorry for any confusion.


Re: Export cert to pkcs12 format by vivienw

vivienw
Thu Jul 03 06:57:15 CDT 2003

Hello,

The following information is for your reference.

1. Currently, there is no known issue about PKCS #12 related to Windows
Updates.

2. To use the PKCS #12 format in Windows XP, the cryptographic service
provider (CSP) must recognize the certificate and keys as exportable. If a
certificate was issued from a Windows 2000 certification authority, the
private key for that certificate is only exportable if one of the following
is true:

- The certificate is for EFS (encrypting file system) or EFS recovery.
- The certificate was requested through the Advanced Certificate Request
certification authority Web page with the Mark keys as exportable check box
selected.

3. For related information, you can also check the section "The option to
export my key from IE in PKCS#12 format is greyed out!" in the article
below.

It seems that Netscape and IE use different processes to import/export PKCS#12.

http://www.thawte.com/html/SUPPORT/devel/multi.html

Thanks.

NOTE: This response contains a reference to a third party World Wide Web
site. Microsoft can make no representation concerning the content of these
sites. Microsoft is providing this information only as a convenience to
you.

Sincerely,

Vivien Wu
MCSA, MCSE2000 and MCDBA2000
Microsoft Partner Online Support




Re: Export cert to pkcs12 format by michael

michael
Thu Jul 03 09:24:35 CDT 2003

thanks for all the info all. much appreciated

