Certificate request doesn’t allow the private key of the enrolled certificate to be exported

Hi all,


The other day a customer of mine was creating certificate requests with code like the sample in How to create a certificate request with CertEnroll and .NET (C#). After he enrolled the certificates, he realized that he couldn’t export their private keys when he tried to export them using the Certificates console, even though their custom certificate template specified that the private key should be exportable.

It turned out they were not setting “objPrivateKey.ExportPolicy” to “X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG” (IX509PrivateKey::ExportPolicy property) in their code.
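As an illustration of where that property goes, here is an added sketch (not the customer's code and not the code from the linked article) that builds a PKCS#10 request with CertEnroll and sets the export policy on the key before it is generated. The class name, method name, parameters, provider choice and key length are assumptions made for the example.

```csharp
using System;
using CERTENROLLLib; // COM reference: "CertEnroll 1.0 Type Library"

static class ExportableKeyRequest
{
    // Hypothetical helper: returns a base64 PKCS#10 request.
    // 'exportable' selects the export policy applied to the new private key.
    public static string Create(string subject, string templateName, bool exportable)
    {
        var objPrivateKey = new CX509PrivateKey();
        objPrivateKey.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"; // assumed provider
        objPrivateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;
        objPrivateKey.Length = 2048;          // assumed key length
        objPrivateKey.MachineContext = false; // key lives in the current user's store

        // The fix described in the post. The policy is applied when the key
        // pair is generated, so it has to be set before Create() is called.
        // Only mark keys exportable when they really need to leave the machine.
        objPrivateKey.ExportPolicy = exportable
            ? X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG
            : X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_NONE;

        objPrivateKey.Create();

        var objPkcs10 = new CX509CertificateRequestPkcs10();
        objPkcs10.InitializeFromPrivateKey(
            X509CertificateEnrollmentContext.ContextUser,
            objPrivateKey,
            templateName); // "" when no template is used

        var objDN = new CX500DistinguishedName();
        objDN.Encode(subject, X500NameFlags.XCN_CERT_NAME_STR_NONE);
        objPkcs10.Subject = objDN;

        var objEnroll = new CX509Enrollment();
        objEnroll.InitializeFromRequest(objPkcs10);
        return objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);
    }
}
```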

I hope this helps.



Alex (Alejandro Campos Magencio)

Comments (1)

  1. Jugdeep Singh says:

    Hi Alex,

    Can you please explain the code? When I create a .cer file and install the certificate, it shows a message for the private key.

    When I generate a PFX file with a password and then install the certificate, it goes to the Other People folder and doesn’t show a message for the private key.

    When debugging the code, while creating an X509Certificate using the .cer file or raw data, it gives a NULL private key value.

    Please give a solution to create a PFX file with a private key.