Win-acme: the associated private key is marked as not exportable

Created on 22 Jan 2020 · 4 Comments · Source: win-acme/win-acme

Describe the bug
Windows 2016 Server

After the cert is installed.
I run MMC
Install Certificates - Web Hosting
Right-click on Cert.
All-task - Export
Next
(Greyed out) Yes, export the private key.
(I NEED that key to be exportable. WHY, would you make it so it is not exportable???)

To Reproduce

  1. G:\SSL\Win-Acme\win-acme.v2.1.2.641>wacs
  2. N, , 3, 1, ,
  3. Certs created and installed successfully.

Expected behavior
When I've generated and installed certs before with the older version of the software, I was able to export the certs to use across my server forest.
Generate one cert and use it across multiple machines.

Log
none.

Platform:

  • OS: [Windows 2016, English]
  • Version: [win-acme.v2.1.2.641.x64.pluggable]

Additional context
I miss the way the older tool worked.
Used it for years, and NEVER experienced this issue.

possible bug

All 4 comments

If you'd READ the upgrade documentation then you would have KNOWN that this would happen and you would have FOUND the setting that makes the private key exportable. Hint: check settings.json.

Even better, write a PowerShell install script instead of manually exporting keys.

Thank you very much, WouterTinus
I actually like doing it manually.
Also, why would they make this a default setting, when it has always been set to true?

It happened again last night.
I was unable to export the certificate.
Even though I have this
"PrivateKeyExportable": true,
In the settings.json file

I ended up hitting my limit for the week, so now I have to wait a week before trying it again.
I guess next time, I will just use a PS script to do it, as I am using one to install it, might as well use one to export it.
At least I still have the original cert that expires on the 22nd of this month.
So, still have time.
(Yes, I deleted the certs each time they would give me that error.)

Briefly. You can use one of two options:

  • use multiple storages to export certificate while renewing

  • edit or create the "settings.json" file. Set the "PrivateKeyExportable" parameter to "true". If you are doing this right after a renewal with the "PrivateKeyExportable" parameter set to "false", remove the certificate from local storage first.
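
An added example, not part of the thread and not win-acme code: a PowerShell check that reports whether each certificate in the Web Hosting store has a private key marked exportable, and prints the `PrivateKeyExportable` line found in settings.json. The settings.json location and the function name `Get-KeyExportability` are assumptions made for this example.

```powershell
# Added example. Run from an elevated PowerShell session on the server.
$StorePath    = 'Cert:\LocalMachine\WebHosting'  # the store named in the report
$SettingsPath = '.\settings.json'                # assumed: current directory is the win-acme folder

function Get-KeyExportability {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    if (-not $Cert.HasPrivateKey) { return 'NoPrivateKey' }
    try {
        # Try RSA first, then ECDSA (requires .NET Framework 4.6.1 or later).
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        if ($null -eq $key) {
            $key = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($Cert)
        }
        if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            # Legacy CSP key: exportability is a boolean on the container info.
            if ($key.CspKeyContainerInfo.Exportable) { return 'Exportable' }
            return 'NotExportable'
        }
        if ($key.Key -is [System.Security.Cryptography.CngKey]) {
            # CNG key: the export policy is a flags enum; a PFX export needs AllowExport.
            $allow = [System.Security.Cryptography.CngExportPolicies]::AllowExport
            if ($key.Key.ExportPolicy.HasFlag($allow)) { return 'Exportable' }
            return 'NotExportable'
        }
        return 'Unknown'
    } catch {
        # Typically an ACL problem or a key held by a provider that refuses the query.
        return 'KeyNotAccessible'
    }
}

# The export policy is fixed when the key is stored, so a certificate installed
# while the setting was false stays NotExportable after the setting is changed.
Get-ChildItem -Path $StorePath |
    Select-Object Subject, NotAfter, Thumbprint,
        @{ Name = 'PrivateKey'; Expression = { Get-KeyExportability $_ } } |
    Format-Table -AutoSize

# Show what win-acme will use for the next certificate it stores.
if (Test-Path $SettingsPath) {
    Select-String -Path $SettingsPath -Pattern '"PrivateKeyExportable"\s*:\s*(true|false)' |
        ForEach-Object { "settings.json line $($_.LineNumber): $($_.Line.Trim())" }
} else {
    "settings.json not found at $SettingsPath"
}
```

Running this before a renewal confirms the setting is in the file the tool actually reads, which avoids spending another issuance on a certificate that cannot be exported.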
