Export-PfxCertificate : Cannot export non-exportable private key
Solution 1
The problem isn't with the powershell code. The problem is with the certificate.
When a certificate is first imported or created, the private key must be marked as exportable in order for you to be able to export the private key.
The error message you have received indicates that the private key is not exportable on the certificate you are trying to use.
Solution 2
Maybe too late, but have you tried to run PowerShell script as administrator? (If you can export private key from mmc console, Export-PfxCertificate will export it also.)
Solution 3
I know this is an older question, but I wanted to post my solution as I was having this same problem. I too was getting the dreaded Export-PfxCertificate : Cannot export non-exportable private key error while trying to export my PFX file. The problem started after loading my code-signing certificate on my Windows machine. When I went to export it, the export to PFX option was grayed out without further explanation. I then followed many of the instructions listed here, including Powershell Export-PfxCertificate. None of these worked. I finally went back to my Certificate provider GoDaddy and they informed me that in my Original Certificate Signing Request (CSR) I did not check the box Make Private Key Exportable. GoDaddy graciously, and without cost, allowed me to submit a new CSR (with that option checked,) to 'Rekey' my existing certificate. Within a couple of hours, my new certificate was issued. I installed it on my machine and was able to export directly from Windows MMC (no need to PowerShell.) I've included this screenshot of the box that must be checked when creating your CSR (may look different on different platforms.)
Solution 4
I did a quick search, and you can use certutil
or better is probably the solution from http://community.idera.com/powershell/powertips/b/tips/posts/exporting-certificate-with-private-key.
Relevant code from that post has been pasted below. 100% attribution to the author of that page.
dir cert:\currentuser\my |
Where-Object { $_.hasPrivateKey } |
Foreach-Object { [system.IO.file]::WriteAllBytes(
"$home\$($_.thumbprint).pfx",
($_.Export('PFX', 'secret')) ) }
Kode
Enterprise Architect and Web Front End Developer || LinkedIn || My Blog Specialties: Enterprise Content Management (ECM), Electronic Records Management (ERM), Web Content Management (WCM), Enterprise Architecture, Web Front End (WFE) Development, taxonomies, classification schemes, governance, business operations, systems engineering/administration, SharePoint, virtualization, project management, relational databases, international trade law and negotiation, crisis management, conflict resolution, lobbying, contract negotiation, vendor management. Application Programming/Scripting Languages/Web Services/APIs: HTML5/HTML, CSS3/CSS, JavaScript, jQuery, jQuery UI, AngularJS, Backbone.js, RequireJS, Bootstrap, JSON, REST, AJAX, CAML C#, ASP.NET Web Pages, ASP.NET Web Forms, ASP.NET MVC, Entity Framework, LINQ, XML PowerShell, SQL, ColdFusion SharePoint Client Object Model (CSOM), JavaScript Object Model (JSOM)
Updated on August 28, 2021Comments
-
Kode over 2 years
I am attempting to export my self-signed certificate so I can import it to other Servers in my development environment (will use "real" certs for Production), but it throws the following error:
Export-PfxCertificate : Cannot export non-exportable private key
The requirements are that I need to export the cert and "allow the private key to be exported", but am curious what I am missing. My PowerShell is as follows:
$pwd = ConvertTo-SecureString -String ‘1234’ -Force -AsPlainText $path = 'cert:\localMachine\my\' + '1E7439053EE57AEE6EA0E1F3CDF5DB4234B6731E' Export-PfxCertificate -cert $path -FilePath c:\Certificates\cert.pfx -Password $pwd
-
RalfFriedl about 5 yearsYou don't need to be administrator to export your keys, but the keys need to be available to export them.
-
dzon about 5 yearsIf I start script as user, I can only export the public key from \LocalMachine\My. Also, Export-PfxCertificate returns error "Cannot export non-exportable private key". But, if I start PS from elevated Command Prompt, there is no error and the PFX file contains pub and priv key.
-
jdm about 4 yearsIf you can export the certificate manually in
certlm.msc
, because it is marked as exportable, but you still get this error in PowerShell, then this is the solution. For example, you cannot export IIS certificates if you are non-elevated. -
Roland over 3 yearsThe Example link is broken.