Difference between revisions of "Windows Certifcate Mangement"
Jump to navigation
Jump to search
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
A certificate may contain privatekey. A private key or pkcs12 can only be exported if it is marked exportable unless you hack the registry. | A certificate may contain privatekey. A private key or pkcs12 can only be exported if it is marked exportable unless you hack the registry. | ||
| + | |||
| + | # Export Non-Exportable Private Key | ||
| + | - https://www.yuenx.com/2022/certificate-security-export-cert-with-non-exportable-private-key-marked-as-not-exportable-windows-pki/ | ||
# Export & Print | # Export & Print | ||
| Line 8: | Line 11: | ||
``` | ``` | ||
openssl x509 -noout -text -in intermediate.cer | openssl x509 -noout -text -in intermediate.cer | ||
| + | ``` | ||
| + | |||
| + | https://www.c-sharpcorner.com/article/creating-certificate-using-openssl-on-windows-for-ssltls-communication2/ | ||
| + | |||
| + | ``` | ||
| + | [ ca ] | ||
| + | default_ca = ca_default | ||
| + | |||
| + | [ ca_default ] | ||
| + | base_dir = $ENV::HOME/.ssh | ||
| + | certificate = $base_dir/datapipe-ca.crt | ||
| + | copy_extensions = copy | ||
| + | database = $base_dir/index.txt | ||
| + | default_days = 365 | ||
| + | default_md = sha256 | ||
| + | new_certs_dir = $base_dir | ||
| + | policy = signing_policy | ||
| + | private_key = $base_dir/datapipe-ca.key | ||
| + | serial = $base_dir/serial.txt | ||
| + | unique_subject = no | ||
| + | |||
| + | [ signing_policy ] | ||
| + | commonName = supplied | ||
| + | |||
| + | [ v3_server ] | ||
| + | authorityKeyIdentifier=keyid,issuer | ||
| + | basicConstraints = critical,CA:FALSE | ||
| + | extendedKeyUsage = critical,serverAuth | ||
| + | keyUsage = digitalSignature, keyEncipherment | ||
| + | subjectKeyIdentifier=hash | ||
``` | ``` | ||
Latest revision as of 14:54, 2 November 2023
A certificate may contain privatekey. A private key or pkcs12 can only be exported if it is marked exportable unless you hack the registry.
Export Non-Exportable Private Key
Export & Print
- Click: Search -> Type: Manage Computer Certificates
- Export certificate to .cer (binary)
openssl x509 -noout -text -in intermediate.cer
[ ca ] default_ca = ca_default [ ca_default ] base_dir = $ENV::HOME/.ssh certificate = $base_dir/datapipe-ca.crt copy_extensions = copy database = $base_dir/index.txt default_days = 365 default_md = sha256 new_certs_dir = $base_dir policy = signing_policy private_key = $base_dir/datapipe-ca.key serial = $base_dir/serial.txt unique_subject = no [ signing_policy ] commonName = supplied [ v3_server ] authorityKeyIdentifier=keyid,issuer basicConstraints = critical,CA:FALSE extendedKeyUsage = critical,serverAuth keyUsage = digitalSignature, keyEncipherment subjectKeyIdentifier=hash