How to get an exportable client certificate?

  • Thread starter Thread starter Ruud Uphoff
  • Start date Start date
R

Ruud Uphoff

Hi,

I've the following problem when attempting to export a e-mail client
certificate.

“The associated private key is marked as not exportableâ€

This happens after installing the certificate regardless the authority.
I tried:
- Verisign: They don't know
- CaCert" tried to teach me the procedure I know already but does not work.
- Thawte They don't know
- Commodo: they don't know.

I'm not the only person having this problem, as "same problem here" is
the only and frequently response in forums of the authorities.

Is there, PLEASE, :-) someone who assumes nothing but just knows what is
the problem with Vista? (and a possible solution)

Kind Regards,
Ruud Uphoff
 
Ruud Uphoff684137 Wrote:
> Hi,
>
> I've the following problem when attempting to export a e-mail client
> certificate.
>
> “The associated private key is marked as not exportableâ€
>
> This happens after installing the certificate regardless the authority.
> I tried:
> - Verisign: They don't know
> - CaCert" tried to teach me the procedure I know already but does not
> work.
> - Thawte They don't know
> - Commodo: they don't know.
>
> I'm not the only person having this problem, as "same problem here" is
> the only and frequently response in forums of the authorities.
>
> Is there, PLEASE, :-) someone who assumes nothing but just knows what
> is
> the problem with Vista? (and a possible solution)
>
> Kind Regards,
> Ruud Uphoff

Ruud,

For email certificates, I can recommend Comodo. They do allow you to
create an exportable certificate. To get an exportable email
certification go to their website: 'Free Secure Email Certificates
Secure Email Certificate Email Security Digital Email Signatures'
(http://www.comodo.com/products/certificate...ertificate.html)

When you get into the screen where you enter your details, click
advanced options, and select make this certificate exportable.

If you've already got a certificate from comodo, then you'll have to
request that the existing one is revoked and ask them to issue you a new
one and use the advanced options on the sign up page.

Whether or not a digital certificate is exportable is not a function of
Vista. It is the responsibility of the certificate issuer.

Good luck!


--
.Joe

_[image:
http://uswave.net/vistax64/joetmvx64.png] (\"http://uswave.net/vistax64/joetmvx64.png\")_
_*::Vista_Forums::* (\"http://www.vistax64.com/\")_
_Geekbench_Score:_4031 (\"http://browse.geekbench.ca/geekbench2/view/51273\")_
_CPU-Z (\"http://valid.x86-secret.com/show_oc.php?id=345866\")_
 
Only stating the obvious first... have you looked at:
http://windowshelp.microsoft.com/Windows/e...521033.mspx#EJC

Please note that it must be both Exported by the original computer and
Imported by the end computer.


Someone else's observation on diagnosing the problem:
http://www.tomshardware.com/forum/224739-4...rked-exportable

Is the private key actually associated with the certificate?
Example:
c:\certutil -repairstore MY 0
More detail:
http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true

On the Import machine:
http://support.microsoft.com/kb/842210

Well... it's a starting point. Hope it helps.




"Ruud Uphoff" wrote in message
news:48048cea$0$14350$e4fe514c@news.xs4all.nl...
> Hi,
>
> I've the following problem when attempting to export a e-mail client
> certificate.
>
> “The associated private key is marked as not exportableâ€
>
> This happens after installing the certificate regardless the authority.
> I tried:
> - Verisign: They don't know
> - CaCert" tried to teach me the procedure I know already but does not
work.
> - Thawte They don't know
> - Commodo: they don't know.
>
> I'm not the only person having this problem, as "same problem here" is
> the only and frequently response in forums of the authorities.
>
> Is there, PLEASE, :-) someone who assumes nothing but just knows what is
> the problem with Vista? (and a possible solution)
>
> Kind Regards,
> Ruud Uphoff
 
You need to mark the key as exportable when you generate the actual
certificate request.
For example, if you are using certreq.exe , you would designate the key as
exportable by adding the "Exportable = TRUE" line to the inf file.
Bottom line is you cannot make a key exportable after the fact

Brian

"Ruud Uphoff" wrote in message
news:48048cea$0$14350$e4fe514c@news.xs4all.nl...
> Hi,
>
> I've the following problem when attempting to export a e-mail client
> certificate.
>
> “The associated private key is marked as not exportableâ€
>
> This happens after installing the certificate regardless the authority. I
> tried:
> - Verisign: They don't know
> - CaCert" tried to teach me the procedure I know already but does not
> work.
> - Thawte They don't know
> - Commodo: they don't know.
>
> I'm not the only person having this problem, as "same problem here" is the
> only and frequently response in forums of the authorities.
>
> Is there, PLEASE, :-) someone who assumes nothing but just knows what is
> the problem with Vista? (and a possible solution)
>
> Kind Regards,
> Ruud Uphoff
 
..Joe wrote:
> Ruud Uphoff684137 Wrote:
>> Hi,
>>
>> I've the following problem when attempting to export a e-mail client
>> certificate.
>>
>> “The associated private key is marked as not exportableâ€
>>
>> This happens after installing the certificate regardless the authority.
>> I tried:
>> - Verisign: They don't know
>> - CaCert" tried to teach me the procedure I know already but does not
>> work.
>> - Thawte They don't know
>> - Commodo: they don't know.
>>
>> I'm not the only person having this problem, as "same problem here" is
>> the only and frequently response in forums of the authorities.
>>
>> Is there, PLEASE, :-) someone who assumes nothing but just knows what
>> is
>> the problem with Vista? (and a possible solution)
>>
>> Kind Regards,
>> Ruud Uphoff
>
> Ruud,
>
> For email certificates, I can recommend Comodo. They do allow you to
> create an exportable certificate. To get an exportable email
> certification go to their website: 'Free Secure Email Certificates
> Secure Email Certificate Email Security Digital Email Signatures'
> (http://www.comodo.com/products/certificate...ertificate.html)
>
> When you get into the screen where you enter your details, click
> advanced options, and select make this certificate exportable.
>
> If you've already got a certificate from comodo, then you'll have to
> request that the existing one is revoked and ask them to issue you a new
> one and use the advanced options on the sign up page.
>
> Whether or not a digital certificate is exportable is not a function of
> Vista. It is the responsibility of the certificate issuer.
>
> Good luck!
>

Unfortunately, the cert of several issuers just don't work for Vista.
This was also the case with Comodo...

However, I followed your suggestion and... YEP! They replied within an
hour (great service!)telling me they have removed all my data. I tried
again and now it works! Thanks for your help!

Ruud
 
Back
Top