Why can’t I export a certificate that I imported as exportable


On Windows 2008, I'm using OpenSSL to generate a self-signed certificate (the openssl.cfg file is empty):

openssl.exe req -x509 -config openssl.cfg -days 10950 -subj "/CN=ComputerName/OU=Organization/ST=OR/C=US/" -newkey rsa:2048 -keyout private.pem -out public.pem -nodes
openssl.exe pkcs12 -export -in public.pem -nodes -inkey private.pem -name "Self-Signed SSL Certificate" -out ssl.cer -passout pass:

I then import the certificate into the Personal store using the Certificates snap-in. When I import it, I check "Mark this key as exportable." However, when I then try to export the certificate, the "Yes, export the private key" option is greyed out, and there is a note on the dialog box which says "Note: The associated private key cannot be found."

Why can't I export my certificate?

Best Answer

It turns out I wasn't running the Certificates snap-in as an administrator. Even though I'm in the Administrators group, I have to right-click MMC, and choose "Run As Administrator."