Forum Discussion

DevelopW's avatar
DevelopW
Copper Contributor
Feb 13, 2024

Export-PfxCertificate Not Protecting Private Key

I launched PowerShell with administrator privileges on Windows 11 and executed the following code to create a PFX file. However, an error occurred, and I couldn't create the PFX file.

 

 

New-SelfSignedCertificate -KeyExportPolicy Exportable -KeySpec KeyExchange -Type Custom -Subject "CN=xxxx-xxxx-xxxx-xxxx-xxxx" -KeyUsage DigitalSignature -CertStoreLocation "Cert:\CurrentUser\My" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}")

Set-Location Cert:\CurrentUser\My
Get-ChildItem | Format-Table Subject, Thumbprint

$password = ConvertTo-SecureString -String "xxxx" -Force -AsPlainText
Export-PfxCertificate -cert Cert:\CurrentUser\My\xxxx-FilePath "%USERPROFILE%\Desktop\cert.pfx" -Password $password

 

 

The error message is as follows.

 

 

Export-PfxCertificate : Export-PfxCertificate : Cannot export non-exportable private key
Location of occurrence: Line: 1, Character: 1

+ Export-PfxCertificate -cert Cert:\CurrentUser\My\xxxxx...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Export-PfxCertificate], Win32Exception
+ FullyQualifiedErrorId : System.ComponentModel.Win32Exception,Microsoft.CertificateServices.Commands.ExportPfxCer
tificate

 


Using "Key Export Policy Exportable" did not work.

What else could I try?
I recently purchased a new PC. On my previous PC, I was able to generate the PFX file correctly, but I don't exactly remember how I did it.

No RepliesBe the first to reply

Resources