Forum Discussion
DevelopW
Feb 13, 2024Copper Contributor
Export-PfxCertificate Not Protecting Private Key
I launched PowerShell with administrator privileges on Windows 11 and executed the following code to create a PFX file. However, an error occurred, and I couldn't create the PFX file.
New-SelfSignedCertificate -KeyExportPolicy Exportable -KeySpec KeyExchange -Type Custom -Subject "CN=xxxx-xxxx-xxxx-xxxx-xxxx" -KeyUsage DigitalSignature -CertStoreLocation "Cert:\CurrentUser\My" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}")
Set-Location Cert:\CurrentUser\My
Get-ChildItem | Format-Table Subject, Thumbprint
$password = ConvertTo-SecureString -String "xxxx" -Force -AsPlainText
Export-PfxCertificate -cert Cert:\CurrentUser\My\xxxx-FilePath "%USERPROFILE%\Desktop\cert.pfx" -Password $password
The error message is as follows.
Export-PfxCertificate : Export-PfxCertificate : Cannot export non-exportable private key
Location of occurrence: Line: 1, Character: 1
+ Export-PfxCertificate -cert Cert:\CurrentUser\My\xxxxx...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Export-PfxCertificate], Win32Exception
+ FullyQualifiedErrorId : System.ComponentModel.Win32Exception,Microsoft.CertificateServices.Commands.ExportPfxCer
tificate
Using "Key Export Policy Exportable" did not work.
What else could I try?
I recently purchased a new PC. On my previous PC, I was able to generate the PFX file correctly, but I don't exactly remember how I did it.
No RepliesBe the first to reply