2

Just got a new laptop and encrypted a couple of folders, the handy "export certificate" reminder popped up, so I exported it. Job done. This reminded me to check I had backed up my other computers' certificates.

I opened CertMgr.msc, went to personal, found the correct certificate and tried to export it.

It gives me a warning that

the associated private key is marked as not exportable. Only the certificate can be exported.

and

Yes, export the private key

is grayed out

When I click next the option to export as "Personal Information Exchange" is grayed out too.

So I'm a bit stuck.

If I can't get it exported, can I decrypt everything, delete the certificate and create a new one? I don't know what else, if anything it is used for.

Thanks

Improve this question
2
  • If you already exported it once I am not sure I understnad the problem. I wouldn't be removing any certificates until you understand the reason you cannot export the current certificate.
    – Ramhound
    Commented May 2, 2016 at 19:01
  • Just because I exported it once, doesn't mean I still have it. Thus the need to re-export it. The question is, why can't I export it, and how do I get around the restriction.
    – Ian
    Commented May 3, 2016 at 7:22

3 Answers 3

Reset to default
1

It seems that the Private key is missing in your case, please check if there is the EFS related file under C:\Users[Yourname]\AppData\Roaming\Microsoft\Crypto\RSA

I have tested on my computer and there is no such issue, I can export with Private key as below:

enter image description here

Please try to decrypt all EFS files and try to encrypt again.

If this issue still persists, I consider if it is caused by corrupted system componenst, run following commands for further test:

Dism /Online /Cleanup-Image /RestoreHealth

SFC /scannow
Improve this answer
0

All your personal certificates and private keys are located in the following folder:

  • %SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

If you don't have access to it and you've admin rights, reassign the Administrator account Full access.

See: Can not export private key because the option is greyed out at Comodo

Improve this answer
0

This helped me when I had the Personal Information Exchange greyed out:

  • run certmgr.msc as Administrator
    • click the start menu and start typing to find the certmgr.msc
    • you need to write the whole name including the .msc extension
    • right-click the found program in start menu and select "Run as Administrator"
  • then follow the standard proces - the grayed out options should be now available

OR

  • run Command Prompt (cmd.exe) as administrator and use following comands
    • cipher /x d:\path\to\your\backupFile (no file extension)
    • confirm the popup window
    • type a password used for protecting your EFS certificate, then confirm the password
    • you should see the "EFS certificate(s) is(are) backed up successfully." in command prompt
Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .