Reputation: 9413
I would like to know what is the use of a certificate whose private key is not marked as exportable. I saw that while sending a certificate request from Internet Explorer to a certificate server, it gives an option to mark the key as not exportable.
Upvotes: 1
Views: 3154
Reputation: 46070
This is not a common usage scenario to create a non-exportable private key when creating a certificate request unless this key goes directly to the hardware (USB token and the like). Yet, it's possible, for example, when machine-bound certificates are created in corporate environments. In this case it's better to mark the certificate as non-exportable - if the machine is gone, you can issue a new certificate for the new machine and block (revoke) the previous one.
Usually non-exportable keys are used when you import an existing certificate with a private key - the non-exportable flag is set for security reasons.
Upvotes: 2
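As an added example (not part of the answer above), this PowerShell audit reports which certificates in a Windows store have a private key marked exportable, which is the flag discussed in this thread. It assumes the `Cert:\LocalMachine\My` store and RSA or ECDSA keys; the function name `Get-KeyExportability` is hypothetical. For context, `Import-PfxCertificate` imports the key as non-exportable unless `-Exportable` is passed.

```powershell
# Added example: audit private-key exportability in a certificate store.
# Assumption: the store to audit is LocalMachine\My; change $StorePath as needed.
$StorePath = 'Cert:\LocalMachine\My'

function Get-KeyExportability {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    if (-not $Cert.HasPrivateKey) { return 'NoPrivateKey' }
    try {
        # Try RSA first, then ECDSA; each call returns $null for other algorithms.
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        if (-not $key) {
            $key = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($Cert)
        }
        if (-not $key) { return 'UnsupportedAlgorithm' }

        if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            # Legacy CryptoAPI (CSP) key: a single boolean flag.
            if ($key.CspKeyContainerInfo.Exportable) { return 'Exportable' }
            return 'NonExportable'
        }
        if ($key -is [System.Security.Cryptography.RSACng] -or
            $key -is [System.Security.Cryptography.ECDsaCng]) {
            # CNG (KSP) key: the export policy is a set of flags.
            $policy = [int]$key.Key.ExportPolicy
            $export = [int][System.Security.Cryptography.CngExportPolicies]::AllowExport -bor
                      [int][System.Security.Cryptography.CngExportPolicies]::AllowPlaintextExport
            if (($policy -band $export) -ne 0) { return 'Exportable' }
            return 'NonExportable'
        }
        return 'Unknown'
    }
    catch {
        # Typical causes: no read permission on the key container, or a
        # token/smart card key whose provider is not currently available.
        return 'Inaccessible'
    }
}

Get-ChildItem -Path $StorePath |
    Where-Object { $_.HasPrivateKey } |
    Select-Object Subject, Thumbprint, NotAfter,
        @{ Name = 'PrivateKey'; Expression = { Get-KeyExportability -Cert $_ } } |
    Format-Table -AutoSize
```

Run it from an elevated session when auditing machine stores, since reading key properties under `LocalMachine` usually requires administrator rights.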