https://development--vigilant-hodgkin-644b1e.netlify.com/tags/certificates/CertificatesSource Themes Academic (https://sourcethemes.com/academic/)en-us© 2019 Derek MurawskyWed, 01 Mar 2017 11:59:53 -0400https://development--vigilant-hodgkin-644b1e.netlify.com/img/icon-32.pnghttps://development--vigilant-hodgkin-644b1e.netlify.com/tags/certificates/https://development--vigilant-hodgkin-644b1e.netlify.com/post/export-unexportable-key/Wed, 01 Mar 2017 11:59:53 -0400https://development--vigilant-hodgkin-644b1e.netlify.com/post/export-unexportable-key/ <p>Every now and then, you have to export a certificate in Windows, and someone forgot to check that little box to let you be able to do it… What is an enterprising SysAdmin to do? Enter <a href="http://blog.gentilkiwi.com/mimikatz" target="_blank">Mimikatz</a> (<a href="https://github.com/gentilkiwi/mimikatz" target="_blank">source</a>), a tool that lets you patch the Windows crypto api and do several cool (and frightening) things. The process is very simple.</p> <h2 id="to-export-an-unexportable-private-key">To Export an Unexportable Private Key:</h2> <ol> <li>Create a temp directory</li> <li>Download the latest version of <a href="https://github.com/gentilkiwi/mimikatz/releases/tag/2.1.0-20170227" target="_blank">Mimikatz</a></li> <li>Extract the appropriate version (32 or 64 bit) to the temp directory</li> <li>Open an admin command prompt</li> <li>Change to the temp directory</li> <li>Run <code>mimikatz</code></li> <li>Type <code>crypto::capi</code></li> <li>And finally type <code>crypto::certificates /export</code></li> </ol> <p>You’ll see all of the certificates in the MY store exported into the temp directory in pfx format. The default password is mimikatz. Want another cert store? Perhaps, the computer store? Simply <code>run crypto::certificates /export /systemstore:LOCAL_MACHINE</code>. Check out the <a href="https://github.com/gentilkiwi/mimikatz/wiki" target="_blank">github wiki</a> for documentation on this and other cool features of this powerful tool.</p>