A certificate may contain privatekey. A private key or pkcs12 can only be exported if it is marked exportable unless you hack the registry.

Export Non-Exportable Private Key

https://www.yuenx.com/2022/certificate-security-export-cert-with-non-exportable-private-key-marked-as-not-exportable-windows-pki/

Export & Print

Click: Search -> Type: Manage Computer Certificates
Export certificate to .cer (binary)

openssl x509 -noout -text -in intermediate.cer

https://www.c-sharpcorner.com/article/creating-certificate-using-openssl-on-windows-for-ssltls-communication2/

[ ca ]
default_ca = ca_default

[ ca_default ]
base_dir = $ENV::HOME/.ssh
certificate = $base_dir/datapipe-ca.crt
copy_extensions = copy
database = $base_dir/index.txt
default_days = 365
default_md = sha256
new_certs_dir = $base_dir
policy = signing_policy
private_key = $base_dir/datapipe-ca.key
serial = $base_dir/serial.txt
unique_subject = no

[ signing_policy ]
commonName = supplied

[ v3_server ]
authorityKeyIdentifier=keyid,issuer
basicConstraints = critical,CA:FALSE
extendedKeyUsage = critical,serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectKeyIdentifier=hash

Windows Certifcate Mangement

Export Non-Exportable Private Key

Export & Print

Navigation menu

Search