Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Certificate marked as not exportable

Tags:

certificate

wcf

I am trying to make a development certificate chain for myself for some testing for WCF. I'm following the insructions on msdn here: How to: Create Temporary Certificates for Use During Development

Unfortunately the instructions don't work. The private key is not exportable. I have even re-tried it with the "-pe" option to makecert.exe and it still doesn't work. I've tried it while running as an administrator and it doesn't work. In mmc itself when using "export" the first screen where it asks about private keys has the "yes/no" option greyed out, and a message below it that says: "The associated private key is marked as not exportable. Only the certificate can be exported."

Any advice? An updated procedure from MSDN maybe, or another one entirely? All I'm looking for is a cert to use with WCF for some basic testing. This is on Windows 8 Pro, though I doubt that matters.

like image 254
Kevin Anderson Avatar asked Apr 23 '13 19:04

Kevin Anderson

1 Answers

See this SO answer. I used it for a WCF project a few months ago.

Create Certificate Authority

Create a self-signed certificate (-r), with an exportable private key (-pe), using SHA1 (-r), for signing (-sky signature). The private key is written to a file (-sv).

makecert -r -pe -n "CN=My Root Authority" -ss CA -sr CurrentUser ^
         -a sha1 -sky signature -cy authority -sv CA.pvk CA.cer

(^= allow batch command-line to wrap line)

Create Server Certificate

Create a server certificate, with an exportable private key (-pe), using SHA1 (-a) for key exchange (-sky exchange). It can be used as an SSL server certificate (-eku 1.3.6.1.5.5.7.3.1). The issuing certificate is in a file (-ic), as is the key (-iv). Use a particular crypto provider (-sp, -sy).

makecert -pe -n "CN=fqdn.of.server" -a sha1 -sky Exchange ^
         -eku 1.3.6.1.5.5.7.3.1 -ic CA.cer -iv CA.pvk ^
         -sp "Microsoft RSA SChannel Cryptographic Provider" ^
         -sy 12 -sv server.pvk server.cer

pvk2pfx -pvk server.pvk -spc server.cer -pfx server.pfx

You then use the .PFX file in your server app (or install it in IIS). Note that, by default, pvk2pfx doesn't apply a password to the output PFX file. You need to use the -po switch for that.

To make all of your client machines trust it, install CA.cer in their certificate stores (in the Trusted Root Authorities store). If you're on a domain, you can use Windows Group Policy to do this globally. If not, you can use the certmgr.msc MMC snapin, or the certutil command-line utility:

certutil -user -addstore Root CA.cer
like image 131
laktak Avatar answered Sep 30 '22 06:09

laktak
Sign in to Comment

Related questions

Error occurred while buffering incoming SOAP message using Metro client
WCF - 'The service certificate is not provided for target' error for WCF client calling a WCF service
Is WCF recommended to use with WPF and MVVM to retrieve data from SQL Server?
Stop WCF Deserializing Empty ICollection into Zero Capacity Array
How to use a WCF Dual Service over the internet?
Running consol application in debug mode with WCF selfhosting?
MVC + WCF + TDD or DDD architecture [closed]
WCF error when converting datetime to json format
The remote server returned an error: (413) Request Entity Too Large + WCF
WCF will not return an int
Starting multiple services on threads
Can I edit Resource file at runtime
Best way to limit WCF Service to specific User Accounts
WCF Streaming - who closes the file?
How to bill my customers that are using my Azure cloud service?
How to deploy a WCF web service in IIS 8.0 using Visual Studio 2012?
3 tiers nhibernate + wcf + Silverlight
Posting a JSONArray to WCF Service from android
embed app config into c# code in wcf
Include existing service reference folder to project in visual studio 2010

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!