Unable to export to pfx
Normally a simple task of installing a certificate for IIS and Exchange 2010, however on this occasion once I’d imported the crt file into the Certificate mmc, I couldn’t then export it as a pfx certificate which Exchange 2010 requires for it to be imported.
As you can see all the pfx options are greyed out:
I have to admit I had a few problems initially when installing this certificate as it needed to be revoked due to some errors in the ordering process (not GoDaddys fault). Then I realised that there wasn’t a Key icon on the certificate which it needs in order to be exported as a pfx certificate with the private key information contained in it. So what I needed to do was recover the private key.
First we need the Serial number of the certificate, to do this just double click the certificate from the certificate mmc and you should see it in the details tab.
Now to recover the private key, to do this, first open up a Command prompt (here’s how) and type in certutil –repairstore my serialnumber (Replace serialnumber with the number obtained above)
Once that’s completed successfully then refresh the certificate mmc window and you should now be able to export it as a pfx file to then import into Exchange or where ever you desire.
Hope this gets you out of a sticky Quibble.
Thank you. Worked perfectly
No problem glad to help.
cerutil command needs smart card and i dont have a smart card… i have the exporting problem. Can somebody pls help me out..
Hi Anusha, are you opening a command prompt and using certutil ?
Hey Dan I am getting the same smart card popup message as Anusha and I am opening the command prompt and using certutil please help
No worries, I’ll see what I can do. I didn’t hear back from Anusha, although I think it was a typo I was just checking that he was using certutil as opposed to cerutil. Have you ran the Command Prompt as Administrator? (Right click Command Prompt and click “Run as Administrator”. Dan
Thanks, this really helped me out ..
This is great. It helped me a lot. Note that for my certificate, I needed to add the “-user” command-line option, in order for the certutil to find it in the user user and not in the machine store.
No problem at all, thanks for the additional info.
thanks for your info
Saved my day 🙂
I spent so much time on this, it was ridiculous.
This fixed my issue. Thanks!
thanks this saves me.
Still usefull, thanks !!
Thanks, this was extremely helpful!
Thanks a lot !!!! Spent so much time on figuring this out …
Hi,
I get the following message:
Select a smart card device
is there anything to doe?
thanks.
Sorry, the only way I’ve gotten around this is to import onto another machine, get the key then export to pfx. Once thats complete you can import back to the server with the password you set on the pfx.