Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. You can export a private key from a template that was created without export permission in Windows Server 2003

You can export a private key from a template that was created without export permission in Windows Server 2003

View products that this article applies to.

Symptoms

Consider the following scenario in Microsoft Windows Server 2003:
  • You duplicate a certificate template in the Windows Server 2003 enterprise certification authority (CA).
  • You do not select the Allow private key to be exported check box.

    Note When this option is not selected, private keys cannot be exported in the network.
  • The new template is added to the list of available templates.
  • During a Web enrollment, another user requests a certificate and selects the new template.
In this scenario, the user can select the Mark keys as exportable check box. When this check box is selected, private keys can be exported. The availability of this check box is not expected.

↑ Back to the top

Workaround

To work around this problem, the user who requests a new certificate must first select a different template and then select the duplicated template. When the user does this, the Mark keys as exportable check box is unavailable. Therefore, private keys cannot be exported.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

Keywords: KB924033, kbprb, kbtshoot, kbsecurity

↑ Back to the top

Article Info
Article ID : 924033
Revision : 5
Created on : 10/30/2006
Published on : 10/30/2006
Exists online : False
Views : 208