Web server template with private key export

Per default, the web server template in Microsoft CA does not allow exportation of the private key once installed onto a system.
To enable this option you need to create a new WebServer template which allows just that.

As we can see from the default WebServer template, the export Private Key is unticked which is the reason for this.
webserver-template

The templates can be accessed from the Microsoft Certificate Authority console by right-click the folder “Template” and choose “Manage”.
certsvc-templates-manage

Right-click the WebServer template and choose “Duplicate template”.
certsvc-duplicate certsvc-duplicate

In the new template go to the tab “Request Handling” and tick off “Allow private key to be exported”.
certsvc-newtemplate

You may also want to pop by the tab Cryptography and increase the minimum key size to something more appropriate than 1024 bits – such as 4096.
certsvc-newtemplatecrypto

After you have copied/save the new template, it needs to be issued which is done from the Microsoft Certificate Authority console by right-click the folder “Template” and choose “New”>”Certificate Template to Issue”.

5.00 avg. rating (99% score) - 1 vote

Leave a Reply

Your email address will not be published. Required fields are marked *