Q. You can export a private key from a template that was created without export permission in Windows Server 2003?

If you duplicate a certificate template in the Windows Server 2003 enterprise CA (Certification Authority) and DO NOT select the Allow private key to be exported box, the new template is added to the list of available templates.

If another user requests a certificate and selects the new template, during Web enrollment, they can select the Mark keys as exportable box, allowing private keys to be exported.

To workaround this behavior, the user that requests a new certificate must select a different template first, and then select the duplicated template. This will cause the Mark keys as exportable box to be unavailable.


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish