HI, I am trying to create a certificate for a user and then later use the private and public key in an application. I can export the user certificate with the public key easily in Server 2003 and later versions however I am unable to do so when the CA is a 2000 Server. So, the main motive is, that for a particular user certificate, I need to extract the Public and Private keys seperately. Any idea how this can be achieved? This is critical for the functioning of my application. Regards Andy

Andy - can you describe the steps you are going through and at what point the process fails? hth Marcin

Hi Marcin, I am doing the following steps: 1. Log in to the Windows 2000 CA (this is domain joined) with the credentials of the domain user for which the user certificate is required 2. Start mmc and add the snap in for Certificates 3. Right click on the Personal folder and in All Tasks -> Request New Certificate 4. Choose User Certificate option 5. Keep on moving forward with default options till the certificate is issued. 6. Install the certificate 7. Refresh the personal folder 8. Right click on the issued certificate and choose Export 9. Now, while exporting the option to Export private key also is not enabled at all.

Hellom first of all this is Directory Services forum and your question is not related to it. Better to ask them here: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads Second, Windows 2000 is not yet supported so it will be better to upgrade your OS. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator

As http://technet.microsoft.com/en-us/library/cc738545(WS.10).aspx states: "To use the PKCS #12 format, the cryptographic service provider (CSP) must recognize the certificate and keys as exportable. If a certificate was issued from a Windows Server 2003 or Windows 2000 certification authority, the private key for that certificate is only exportable if one of the following is true: The certificate is for EFS (Encrypting File System) or EFS recovery. The certificate was requested through the Advanced Certificate Request certification authority Web page with the Mark keys as exportable check box selected." hth Marcin

For the benifit of all, I posted this question to the security forum also as suggested, and it has been answered there also http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/4441f1d7-e82c-4b94-816a-02d0e0b43213