Configuration Example, Security
Windows CA template – web server and private key export
Creating a web server certificate request is very easy when using a Windows CA server. There is one disadvantage. The requested certificate is directly stored in the user store (by default) or the local computer store, if specified during the request. The disadvantage is that you cannot export the requested certificate including the private keys. During the request the option to Mark keys as exportable is grayed out.
There is a way to mark the keys as exportable when using a Windows CA server. You need to create a new Web Server Certificate template. You can use the existing Web Server Certificate Template as default and copy the current settings. To do so, you just:
- run certtmpl.msc, which will open the Certificate Template snap-in;
- click the Web Server certificate template;
- choose Action – Duplicate Template;
- configure a unique template name;
- choose the tab Request Handling;
- enable the option Allow private key to be exported;
That is all you need to do. You can now request a new certificate with the newly create certificate template. After the certificate is issued and installed on the user or local computer store, you can export the certificate including the private key.
René Jorissen
Latest posts by René Jorissen (see all)
- MacOS Big Sur and SSLKEYFILELOG - November 23, 2021
- ClearPass, Azure AD, SSO and Object ID - August 12, 2021
- ClearPass – custom MPSK - July 20, 2021
It’s awesome to go to see this site and reading the
views of all colleagues on the topic of this paragraph, while I am also eager of getting familiarity.
Here is my web blog – vexxhost testimonies; Antoine,