Move private key to a different CSP
Hello, I am trying to move a web server certificate (RSA 2048, SHA1) with its private key to a different CSP (on Windows Server 2008 R2 SP1). I export and delete the original certificate with its private key into a .PFX file. If I query the .PFX file with CERTUTIL, it displays the original CSP name for the private key container inside the .PFX file (Strong CSP actually). But if I try to import the .PFX (CERTUTIL -csp -importpfx) file into a different CSP (RSA Schannel CSP in my case or the Software Key Storage Provider CNG), it returns some error. The only way to import the .PFX file back is to specify the same CSP as the original specified in the .PFX file. Is it possible to import into another CSP as long as the CSP/CNG supports the certificate parameters? Thank you. Ondrej.
July 14th, 2011 6:34am

I have only migrated software-based keys to HSM-protected keys. In that case, I had to convert the PFX to a PEM file for import. HTH, Brian
July 14th, 2011 7:25am

Agree that it should be possible to import into another CSP as long as the CSP supports the certificate parameters! Just tested to import a Microsoft RSA SChannel Cryptographic Provider based certificate using the -csp "Microsoft Software Key Storage Provider" with no errors and the certutil -store command shows that the CSP has changed as expected. /Hasain
July 14th, 2011 4:51pm
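
The import-and-verify sequence discussed in this thread, written out as an added PowerShell example (not code from any of the posters). The PFX path and thumbprint are placeholders, and the script assumes certutil prints a `Provider = ` line for both the PFX dump and the store entry, as the posts describe.

```powershell
# Added example: import a PFX under a different provider and confirm the change.
# Run from an elevated prompt. Path and thumbprint below are placeholders.
param(
    [string]$PfxPath    = 'C:\temp\webserver.pfx',      # assumed location of the exported PFX
    [string]$Thumbprint = '<SHA1-THUMBPRINT-OF-CERT>',  # placeholder, taken from the certificate
    [string]$TargetCsp  = 'Microsoft Software Key Storage Provider'
)

# Read the PFX password without echoing it.
$secure = Read-Host -AsSecureString 'PFX password'
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$plain  = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)

try {
    # 1. Show the provider name recorded inside the PFX (the "original CSP").
    #    Note: -p places the password on certutil's command line for the
    #    lifetime of that process.
    certutil -p $plain -dump $PfxPath | Select-String 'Provider = '

    # 2. Import into the local machine store, overriding the provider.
    certutil -p $plain -csp $TargetCsp -importPFX $PfxPath
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -importPFX failed with exit code $LASTEXITCODE"
    }
}
finally {
    # Wipe the plaintext copy of the password from unmanaged memory.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}

# 3. Verify which provider now holds the private key.
$lines = certutil -store My $Thumbprint |
    Select-String 'Provider = ' |
    ForEach-Object { $_.Line.Trim() }

if (($lines -join "`n") -match [regex]::Escape($TargetCsp)) {
    Write-Host "Key is now held by: $TargetCsp"
} else {
    Write-Warning "Provider did not change. certutil reports: $($lines -join '; ')"
}
```

After a successful move, delete the PFX file or store it offline, since it still contains an exportable copy of the private key.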

This topic is archived. No further replies will be accepted.
