SSL: How to Export Non-Exportable Private Keys

When migrating from one computer system to another, it may be necessary to export certificates from the source system and import them onto the destination system, but exporting the private key from the source system can be a problem.  When installing a certificate, the private key is not marked as exportable by default, as shown below.  If you are not paying attention, you can click right past the option and not realize the mistake until years later, when you need to export the certificate to a new machine.

If “Mark this key as exportable” is not checked, you can still export the certificate on the source system and import it onto the destination system without any problems... at least on the surface.  You won’t know there’s an issue until you try to access a secure site that requires the private key to complete an authentication request, at which point you wonder how in the world you’re going to get the private key.

If the source machine is a 32-bit machine, you can use a utility called Jailbreak to export “non-exportable” private keys/certificates.

1. Once downloaded, extract the contents of Jailbreak’s ZIP file and execute Jailbreak.exe.  In the screenshot, I have right-clicked and have “Run as” selected because administrative rights are required to run it.  However, in this case, the certificate I needed to export was a user-specific, not a machine-specific, certificate, so I needed to run Jailbreak as the user; thus the user was added to the local Administrators group and “Run as” was not required.

2. Jailbreak will launch a Jailbreak MMC Certificates console as shown below.  Locate the certificate in question.  In this case, the certificate was in the Current User | Personal certificate store.  Right-click the certificate and choose Export.

3. On the Export Private Key screen, select Yes, export the private key and click Next to continue.  Complete the export wizard and then import the newly exported certificate onto the destination system.  With the private key, any applications/sites requiring the private key should work just fine.
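To catch the silent failure described above before it bites, the following read-only audit (an added example, not part of the original post) lists each certificate in a store with whether it has a private key and whether that key is marked exportable. Run it on the source system to see which keys the standard export wizard will refuse, and on the destination system after import to confirm that HasPrivateKey is True. The function name Get-KeyExportability and the default store path are assumptions; it inspects RSA keys only and assumes Windows PowerShell 5.1 or later with .NET Framework 4.6 or later.

```powershell
# Added example: audit a certificate store before and after a migration.
# Read-only. Default store is Current User | Personal (assumption; pass
# -StorePath 'Cert:\LocalMachine\My' for machine certificates).
param([string]$StorePath = 'Cert:\CurrentUser\My')

function Get-KeyExportability {
    # Hypothetical helper name, introduced for this example.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Certificate was exported/imported without its key: the failure mode above.
    if (-not $Cert.HasPrivateKey) { return 'NoPrivateKey' }

    try {
        # Only RSA keys are inspected; other algorithms fall through to 'Unknown'.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)

        if ($rsa -is [System.Security.Cryptography.RSACng]) {
            # CNG key: the export policy is a flags enum on the key handle.
            $allow = [System.Security.Cryptography.CngExportPolicies]::AllowExport
            if ($rsa.Key.ExportPolicy.HasFlag($allow)) { return 'Exportable' }
            return 'NonExportable'
        }
        if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            # Legacy CryptoAPI key: exportability is recorded on the key container.
            if ($rsa.CspKeyContainerInfo.Exportable) { return 'Exportable' }
            return 'NonExportable'
        }
        return 'Unknown'
    }
    catch {
        # Key not accessible to this user, hardware-backed key, or unsupported type.
        return 'Unknown'
    }
}

Get-ChildItem -Path $StorePath |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey,
        @{ Name = 'KeyExport'; Expression = { Get-KeyExportability -Cert $_ } } |
    Format-Table -AutoSize
```

A row showing NoPrivateKey on the destination system means the certificate was imported without its key and will fail when a site requests client authentication.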
