Failed to export windows cert as pkcs12 - "The key is not valid for use in the specified state"

Question

Failed to export windows cert as pkcs12 - "The key is not valid for use in the specified state"

I am trying to export cert with powershell in pkcs12. I can export it to MMC. But powershell barfs

    PS C:\Users\paul> $cert.export('PFX'," pass")
Exception calling "Export" with "2" argument(s): "Key not valid for use in specified state.
"
At line:1 char:13
+ $cert.export <<<< ('PFX'," pass")
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

Private Key Exported

PS C:\Users\paul> $cert.privatekey.cspkeycontainerinfo


MachineKeyStore        : True
ProviderName           : Microsoft RSA SChannel Cryptographic Provider
ProviderType           : 12
KeyContainerName       : fd6ce48f23c5a94dee97bf7e87ef3da2_2868494a-a319-4976-80a7-e0f129e23cfd
UniqueKeyContainerName : fd6ce48f23c5a94dee97bf7e87ef3da2_2868494a-a319-4976-80a7-e0f129e23cfd
KeyNumber              : Exchange
Exportable             : True
HardwareDevice         : False
Removable              : False
Accessible             : True
Protected              : False
CryptoKeySecurity      : System.Security.AccessControl.CryptoKeySecurity
RandomlyGenerated      : False

works as a local administrator

+3

powershell pkcs # 12

pm100 May 13, '11 at 21:26

source share

1 answer

Goyuix · Answer 1 · 2011-05-13T22:49:33+0000

This seems like a long shot, but have you tried using the Pfx enumeration instead of a string?

$pfx = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
$cert.Export($pfx,"pass")

The reason I'm asking is because if you look at the value that underlies the listing, Pfx actually has a value of 3.

Failed to export windows cert as pkcs12 - "The key is not valid for use in the specified state"

More articles: