Q. You can export a private key from a template that was created without export permission in Windows Server 2003?
Jerold Schulman
October 5, 2006
1 Min Read
If you duplicate a certificate template in the Windows Server 2003 enterprise CA (Certification Authority) and DO NOT select the Allow private key to be exported box, the new template is added to the list of available templates.
If another user requests a certificate and selects the new template, during Web enrollment, they can select the Mark keys as exportable box, allowing private keys to be exported.
To workaround this behavior, the user that requests a new certificate must select a different template first, and then select the duplicated template. This will cause the Mark keys as exportable box to be unavailable.
About the Author
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
You May Also Like