How secure is the "Allow private key to be exported" setting in the certificate templates?

Uwe GradeneggerFebruary 2020January 2021Certificate usageCertificate Enrollment, Certificate Template

PKI administrators often assume that the option in the certificate template to not allow the private key for export is mandatory.

However, this is not the case. This is merely a default setting that the requester can change at any time when making the certificate request manually.

Furthermore, even a key generated as non-exportable is not safe from export. For this exist relevant toolsto export such certificates including keys.

3 thoughts on “Wie sicher ist die Einstellung „Allow private key to be exported“ in den Zertifikatvorlagen?”

Pingback: Threat to the Active Directory forest by the flag EDITF_ATTRIBUTESUBJECTALTNAME2 - Uwe Gradenegger
Pingback: Key algorithm is not checked by the policy module - Uwe Gradenegger
Pingback: A policy module to tame them: Presentation of the TameMyCerts Policy Module for the Microsoft Certification Authority - Uwe Gradenegger

Comments are closed.

English