Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Audience: Administrator
Last Modified: 2006-09-12 13:16:46.0

TN 6548 - Why is the option to export my private key greyed out?

Applies to: Microsoft IIS 5.0, 5.1, 6.0

You may be trying to perform an export function using Windows Certificate Snap In from the MMC and the option to include the private key is 'greyed' out in the IIS export wizard

To resolve this issue,

You need to or have your Systems/Server Administrator reset the permissions on these key containers.

NOTE: In order to view these hidden files you must turn on the Display hidden files and folders option in Windows. To display hidden files and folders, perform the following steps:
Click Start, point to Settings, and then click Control Panel.

Click Appearance and Themes, and then click Folder Options.
On the View tab, under Hidden files and folders, click Show hidden files and folders.
To reset the permissions on these key containers use the following steps:

Open Microsoft Windows 2000 Explorer.

Locate the %SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys folder.

There are several files located in this folder. Each file in this folder corresponds to a key container. Try to open each with Notepad.

If you receive an Access Denied error message when you try to open a file, open the properties of the file, and then take ownership of it. Reassign the Administrator account Full access.
Repeat step four for each file in this folder. You should then be able to start the System Attendant service.

NOTE: You must also ensure that the system account has full control of all of these files. If the System Attendant continues to not start, you may need to repeat this process on all of the domain controllers in the domain.

NOTE: The directory above assumes a clean install of Windows 2000.

Affected Products:

  • Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 1 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 2 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 2 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Cert Admin Advantage Server Certificate 1 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Cert Admin Advantage Server Certificate 2 Year Version Not Applicable Language Not Applicable Platform Not Applicable