Saturday, 4 March 2017

Recover lost private key (Key Archival)

Overview

If you have Key Archival enabled on your CA, you can recover archived private keys. If you don’t have Key Archival enabled then click here for instructions.
In this post, I’ll demonstrate how to recover a lost private key.

How to recover a lost private key

You need to be logged in as one of the Key Recovery Agents you specified when you configured Key Archival, because the archived key blob is encrypted to the KRA certificate and can only be decrypted with that KRA’s private key.
First, locate the certificate in the Issued Certificates section of the Certification Authority snap-in:
You then need the serial number: double-click the certificate, go to the Details tab and select Serial Number:
Remove the spaces from the serial number as shown in the Details tab, so it becomes a single hex string:
1a00000042af62922b38431f48000100000042
Use certutil to export the archived key blob from the CA database (this only works for certificates whose key was archived):
certutil -getkey 1a00000042af62922b38431f48000100000042 C:\Temp\key.key
Then use certutil again to decrypt the blob with your KRA private key and write out a PFX (you will be prompted for a password to protect the file):
certutil -recoverkey C:\Temp\key.key c:\temp\cert.pfx
You now have a .pfx file containing the certificate and its private key, which you can import back onto the client using certmgr.msc.
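The two certutil steps above, wrapped in a PowerShell function as an added example (this is not code from the original post). It normalises the serial number copied from the Details tab, checks each certutil exit code, and optionally targets a specific CA; the function name, parameter names and the -config switch usage are my own assumptions.

```powershell
# Added example: recover an archived private key via certutil -getkey / -recoverkey.
# Must run as a logged-on Key Recovery Agent (the blob is encrypted to the KRA certificate).
function Recover-ArchivedKey {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SerialNumber, # as shown in the cert Details tab, spaces allowed
        [Parameter(Mandatory)][string]$BlobPath,     # recovery blob written by certutil -getkey
        [Parameter(Mandatory)][string]$PfxPath,      # output PFX with certificate + private key
        [string]$CAConfig                            # optional "Machine\CAName" if not the default CA
    )

    # Step 1: the Details tab shows the serial with spaces; certutil wants a plain hex string.
    $serial = ($SerialNumber -replace '\s', '').ToLower()
    if ($serial -notmatch '^[0-9a-f]+$') {
        throw "Serial number '$SerialNumber' is not a hexadecimal string."
    }

    # Step 2: export the archived key blob from the CA database.
    # Fails if Key Archival was not enabled when the certificate was issued.
    $getKeyArgs = @('-getkey', $serial, $BlobPath)
    if ($CAConfig) { $getKeyArgs = @('-config', $CAConfig) + $getKeyArgs }
    & certutil.exe @getKeyArgs
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $BlobPath)) {
        throw "certutil -getkey failed (exit $LASTEXITCODE). Was this certificate's key archived?"
    }

    # Step 3: decrypt the blob with the logged-on KRA's private key and write the PFX.
    # certutil prompts for the PFX password, so it never appears on the command line.
    & certutil.exe -recoverkey $BlobPath $PfxPath
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $PfxPath)) {
        throw "certutil -recoverkey failed (exit $LASTEXITCODE). Are you logged on as a Key Recovery Agent?"
    }

    Get-Item $PfxPath
}

# Usage with the serial number from this post, pasted with the spaces the Details tab shows:
# Recover-ArchivedKey -SerialNumber '1a 00 00 00 42 af 62 92 2b 38 43 1f 48 00 01 00 00 00 42' `
#     -BlobPath C:\Temp\key.key -PfxPath C:\Temp\cert.pfx
```

Each recovery is recorded in the CA's audit log when object access auditing is enabled on the CA, so the resulting events are worth monitoring since this procedure yields a usable copy of someone else's private key.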