I am trying to create a self-signed DRA certificate to use with bitlocker to go, following the procedure at http://technet.microsoft.com/en-us/library/dd875530(WS.10).aspx I don't want to store the private key on the local personal certificates store as it happens following the above address. I wish to be able, through certreq or some other tool, to create a self-signed certificate (with the specific OID related to bitlocker dra certificate) directly generating two files, one with extension ".cer" and one with extension ".pfx", exactly like i do through cipher /r:recovery when i create a dra certificate for efs. Is there a way to achieve that? Thanks a lot Michele Ps: I know i can export the private key from the local personal store and delete the private key if the export is successful, but i think that that "delete the private key" is not the same as "wipe private key from disk"Michele