IIS: Export Private Key Option is Grayed When Exporting a Server Certificate (232154)
The information in this article applies to:
- Microsoft Internet Information Services 5.0
- Microsoft Internet Information Services version 6.0
This article was previously published under Q232154 SYMPTOMS Using the Certificates snap-in in Microsoft Windows 2000
and later, you can do many tasks regarding certificates and certificate
management. One of these tasks is exporting server certificates for use in an
Internet Information Services (IIS) versions 5.0 and later Web server. In order
for a server certificate to be used by the web server, you must export the
private key along with the certificate. Without the private key, data
encryption (and therefore secure communications) is not possible.
When exporting the server certificate from the server's personal
certificate store, you may not have the option to export the private key. If
this is the case, when the certificate was imported, the option to allow the
private key to be exported may have been unchecked. This is a security measure
to prevent a possible compromise of the server's private key. Since this could
be a potential security risk, the option to mark the private key as exportable
is not checked by default. RESOLUTION In order to correct this problem, you will need access to
the original certificate backup (.pfx) file. To ensure this problem does not
happen in the future (should you want to export the private key again) make
sure during the import process that you select the box "mark the private key as
exportable."
| Modification Type: | Minor | Last Reviewed: | 7/15/2004 |
|---|
| Keywords: | kbpending kbprb KB232154 |
|---|
|