How secure is the "Allow private key to be exported" setting in the certificate templates?

PKI administrators often assume that the certificate template option that disallows export of the private key is mandatory.


However, this is not the case. It is merely a default setting that the requester can change at any time when creating the certificate request manually.

Furthermore, even a key generated as non-exportable is not safe from export. Relevant tools exist that can export such certificates together with their keys.
