Certificate Private Key Error

Chiyo OdikaWINDOWS SERVERLeave a Comment

While working with certificates today, I stumbled upon an error that indicated something was amiss with my CA certificate templates. Ordinarily I make only certificate templates with exportable private keys available in my CA web enrollment pages, and I’d explicitly requested and installed the certificate with the thumbprint shown in the error below.

 

image

So I donned my sleuth knickers, and decided to delve a little deeper.

An attempt to manually export the certificate with its private key from the certificate store indicated that there was no private key to be exported, as that option was greyed out

 

image

 

I identified the certificate template from which the certificate was created in the MMC | Certificates snap-in, and then reviewed the properties of the template to determine that the option to export the private key was indeed disabled. I also determined that this is typical of default/ built-in CA certificate templates.

I wrote an article on how to create certificate templates from a Windows Server 2012 R2 CA, and make the templates available for use in the CA web pages.

 

Cheers!

The following two tabs change content below.
Chiyo's expertise spans multiple platforms. He holds Microsoft Private Cloud, and Server Infrastructure certifications, and avidly enjoys working on deployments of Microsoft's Server and Cloud Platforms, including Microsoft Systems Center, Windows Server, and Microsoft Azure.

Latest posts by Chiyo Odika (see all)

Chiyo OdikaCertificate Private Key Error