How to get an exportable client certificate?

  • Thread starter Thread starter Ruud Uphoff
  • Start date Start date
R

Ruud Uphoff

Hi,

I've the following problem when attempting to export a e-mail client
certificate.

“The associated private key is marked as not exportable”

This happens after installing the certificate regardless the authority.
I tried:
- Verisign: They don't know
- CaCert" tried to teach me the procedure I know already but does not work.
- Thawte They don't know
- Commodo: they don't know.

I'm not the only person having this problem, as "same problem here" is
the only and frequently response in forums of the authorities.

Is there, PLEASE, :-) someone who assumes nothing but just knows what is
the problem with Vista? (and a possible solution)

Kind Regards,
Ruud Uphoff
 
Only stating the obvious first... have you looked at:
http://windowshelp.microsoft.com/Wi...997d-cad4-4b95-84b1-efb3ede7cd521033.mspx#EJC

Please note that it must be both Exported by the original computer and
Imported by the end computer.


Someone else's observation on diagnosing the problem:
http://www.tomshardware.com/forum/224739-46-ways-export-private-marked-exportable

Is the private key actually associated with the certificate?
Example:
c:\certutil -repairstore MY 0
More detail:
http://technet2.microsoft.com/windo...4b66-41ee-97a5-5ae181beae2d1033.mspx?mfr=true

On the Import machine:
http://support.microsoft.com/kb/842210

Well... it's a starting point. Hope it helps.
 
You need to mark the key as exportable when you generate the actual
certificate request.
For example, if you are using certreq.exe , you would designate the key as
exportable by adding the "Exportable = TRUE" line to the inf file.
Bottom line is you cannot make a key exportable after the fact

Brian
 
..Joe said:
Ruud,

For email certificates, I can recommend Comodo. They do allow you to
create an exportable certificate. To get an exportable email
certification go to their website: 'Free Secure Email Certificates
Secure Email Certificate Email Security Digital Email Signatures'
(http://www.comodo.com/products/certificate_services/email_certificate.html)

When you get into the screen where you enter your details, click
advanced options, and select make this certificate exportable.

If you've already got a certificate from comodo, then you'll have to
request that the existing one is revoked and ask them to issue you a new
one and use the advanced options on the sign up page.

Whether or not a digital certificate is exportable is not a function of
Vista. It is the responsibility of the certificate issuer.

Good luck!

Unfortunately, the cert of several issuers just don't work for Vista.
This was also the case with Comodo...

However, I followed your suggestion and... YEP! They replied within an
hour (great service!)telling me they have removed all my data. I tried
again and now it works! Thanks for your help!

Ruud
 
Back
Top