Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Export Personal Certificate using CertUtil -BackupKey

1,627 views
Skip to first unread message

CK

unread,
Mar 5, 2009, 3:03:15 PM3/5/09
to
I'm trying to use "certutil -backupkey" to export an Encrypting File
System certificate from my "Personal Certificates" store, and apply a
password to it. I've tried:

certutil -backupkey -config -p p@$$w0rd1 C:\

Error:
402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version
Expected no more than 1 args, received 2
CertUtil: Too many arguments


Does anyone know how to do this?

Martin Rublik

unread,
Mar 5, 2009, 3:59:54 PM3/5/09
to
How about

certutil -p p@$$w0rd1 -backupkey c:\cabackup?

Martin

Martin Rublik

unread,
Mar 5, 2009, 4:18:41 PM3/5/09
to
Moreover,

if you want to do this on a remote ca (-config option) you can use something
like this:
certutil -p p@$$w0rd1 -config CAMACHINENAME\CANAME -backupkey c:\cabackup e.g.

certutil -p p@$$w0rd1 -config "casrv01\Test Root CA" -backupkey c:\cabackup

HTH
Martin Rublik

CK

unread,
Mar 5, 2009, 4:31:46 PM3/5/09
to
> >> Does anyone know how to do this?- Hide quoted text -
>
> - Show quoted text -

Martin -
Thanks for the tips. I'm not doing it on a remote CA server.

I tried the tip in your first post and I got this error:

C:\> certutil -p password -backupkey C:\Backup


402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version

417.329.0: 0x80070103 (WIN32: 259)
417.596.0: 0x80070103 (WIN32: 259)
410.2618.0: 0x80070002 (WIN32: 2)
410.2633.0: 0x80070103 (WIN32: 259)
CertUtil: No local Certification Authority; use -config option
301.2585.0: 0x80070103 (WIN32: 259)
301.2824.0: 0x80070103 (WIN32: 259)
CertUtil: No more data is available.
301.3128.0: 0x80070103 (WIN32: 259)

CK

unread,
Mar 5, 2009, 4:48:26 PM3/5/09
to
On Mar 5, 4:31 pm, CK <ckonie...@gmail.com> wrote:
> On Mar 5, 4:18 pm, Martin Rublik <martin.rub...@nospam.com> wrote:
>
>
>
>
>
> > Moreover,
>
> > if you want to do this on a remote ca (-config option) you can use something
> > like this:
> >  certutil-p p@$$w0rd1 -config CAMACHINENAME\CANAME -backupkeyc:\cabackup e.g.
>
> >  certutil-p p@$$w0rd1 -config "casrv01\Test Root CA" -backupkeyc:\cabackup

>
> > HTH
> > Martin Rublik
>
> > Martin Rublik wrote:
> > > How about
>
> > >  certutil-p p@$$w0rd1 -backupkeyc:\cabackup?
>
> > > Martin
>
> > > CK wrote:
> > >> I'm trying to use "certutil-backupkey" to export an Encrypting File

> > >> System certificate from my "Personal Certificates" store, and apply a
> > >> password to it.  I've tried:
>
> > >>certutil-backupkey-config -p p@$$w0rd1 C:\

>
> > >> Error:
> > >> 402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version
> > >> Expected no more than 1 args, received 2
> > >>CertUtil: Too many arguments
>
> > >> Does anyone know how to do this?- Hide quoted text -
>
> > - Show quoted text -
>
> Martin -
> Thanks for the tips.  I'm not doing it on a remote CA server.
>
> I tried the tip in your first post and I got this error:
>
> C:\>certutil-p password -backupkeyC:\Backup

> 402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version
> 417.329.0: 0x80070103 (WIN32: 259)
> 417.596.0: 0x80070103 (WIN32: 259)
> 410.2618.0: 0x80070002 (WIN32: 2)
> 410.2633.0: 0x80070103 (WIN32: 259)CertUtil: No local Certification Authority; use -config option
> 301.2585.0: 0x80070103 (WIN32: 259)
> 301.2824.0: 0x80070103 (WIN32: 259)CertUtil: No more data is available.
> 301.3128.0: 0x80070103 (WIN32: 259)- Hide quoted text -

>
> - Show quoted text -

Just in case anyone has this same problem in the future, here is the
resolution:

certutil -f -p password1 -user -exportPFX 123456789010a0d0e0a0123 c:
\backup\encryptionCert.pfx

Martin Rublik

unread,
Mar 5, 2009, 4:56:36 PM3/5/09
to
Sorry :), I hadn't your post properly. I thought that you are trying to backup a
CA key:).

Martin

Message has been deleted
0 new messages