Discussion:
Exporting/importing Certificate+private key from remote machine
Abhi
2004-12-01 06:53:01 UTC
Hi,

Can anyone tell me how to export/import certificate+private key from a
remote machine.

This is what I tried doing:
1. I opened the personal ("MY") certificate store on a remote machine using
CertOpenStore().
2. Retrieved the certificate context by enumerating certificates in the remote
store using CertEnumCertificatesInStore() and selecting the desired
certificate.
3. Added the desired certificate context to a separate
store (hTempStoreHandle) using CertAddCertificateContextToStore().
4. I used PFXExportCertStore(hTempStoreHandle...,EXPORT_PRIVATE_KEYS) to
get the PFX BLOB, which failed. So I tried calling this function using
REPORT_NO_PRIVATE_KEY and it worked without giving an error.
5. The BLOB is a PFX packet, which I confirmed using PFXIsPFXBlob().
6. I tried importing this BLOB to the local machine using PFXImportCertStore(),
which also worked fine.
But the certificate is not visible in the 'MY' store of the local machine.
7. Then I created a temporary file and wrote the BLOB data with a .pfx
extension.
8. Then I installed the certificate from this .pfx file onto the local machine.

Now, to check whether I got the private keys along with it, I tried exporting
this certificate, and it said that the private keys were not found.

Please let me know in case there is some other API by which I can import
a certificate+private key from a remote machine onto the local machine.

Best
Abhi
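
Step 5's PFXIsPFXBlob() check only confirms that the outer layer decodes as a PFX packet, so a blob exported without keys passes it. As an added example (not part of the thread and not CryptoAPI code), this Python sketch walks the PKCS#12 structure and lists the SafeBag types visible without the password; the function names and the sample blob are constructed for illustration, and definite-length DER with an id-data authSafe is assumed.

```python
DATA = "1.2.840.113549.1.7.1"            # id-data ContentInfo type
P12 = "1.2.840.113549.1.12.10.1."        # PKCS#12 bag type arc
BAGS = {P12 + "1": "keyBag", P12 + "2": "pkcs8ShroudedKeyBag", P12 + "3": "certBag"}

def tlvs(buf):
    """Yield (tag, value) for each definite-length DER element in buf."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the count of length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        yield tag, buf[i:i + n]
        i += n

def oid(v):
    """Decode DER OBJECT IDENTIFIER content bytes to dotted text."""
    arcs, acc = [v[0] // 40, v[0] % 40], 0
    for b in v[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if b < 0x80:  # high bit clear marks the last byte of an arc
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def content(ci):
    """Split ContentInfo fields into (type OID, payload inside the [0] wrapper)."""
    (_, t), (_, wrapped) = list(tlvs(ci))[:2]
    return oid(t), next(tlvs(wrapped))[1]

def inspect_pfx(blob):
    """Return (bag types in plaintext safes, number of encrypted safes)."""
    pfx = next(tlvs(blob))[1]
    kind, auth = content(list(tlvs(pfx))[1][1])  # skip version, take authSafe
    if kind != DATA:
        raise ValueError("authSafe is not id-data")
    bags, opaque = [], 0
    for _, ci in tlvs(next(tlvs(auth))[1]):      # AuthenticatedSafe entries
        kind, safe = content(ci)
        if kind != DATA:  # encryptedData: bag types are hidden without the password
            opaque += 1
            continue
        for _, bag in tlvs(next(tlvs(safe))[1]):  # SafeContents entries
            bag_id = oid(next(tlvs(bag))[1])
            bags.append(BAGS.get(bag_id, bag_id))
    return bags, opaque

# Constructed sample: a PFX whose only safe holds one empty certBag (no MAC, no key).
ID_DATA = "06092a864886f70d010701"
SAMPLE = bytes.fromhex("303a0201033035" + ID_DATA + "a028042630243022" + ID_DATA
                       + "a01504133011300f" + "060b2a864886f70d010c0a0103" + "a000")
```

Bags inside encryptedData safes cannot be listed without the password, so a nonzero second value means the bag listing is incomplete.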
David Cross [MS]
2004-12-01 13:16:55 UTC
Are you impersonating the user and loading the user profile on the remote
machine?
--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.

Top Whitepapers:

Auto-enrollment whitepaper:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
Best Practices for implementing Windows Server 2003 PKI:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
Troubleshooting Certificate Status and Revocation whitepaper:
http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx
Windows Server 2003 web enrollment and troubleshooting guide:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
Abhi
2004-12-01 15:25:07 UTC
I am running the program as 'Administrator' of the remote machine from which I
am trying to copy the certificate and private key.

Best
Abhi
David Cross [MS]
2004-12-02 13:09:57 UTC
Are you loading the user profile?
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/policy/policy/loaduserprofile.asp
--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.