Back to Community Threads
1
Cert export error - Missing stored keyset
Question asked by Scott Wilson - 6/15/2022 at 10:39 PM
Answered
I'm trying to follow the instructions in the following KB article but I'm getting an error when running the PowerShell script.


Here's the output I'm getting, any idea what could be wrong?

C:\SmarterMail\Scripts>Powershell.exe -executionpolicy remotesigned -File c:\SmarterMail\Scripts\exportcert.ps1
MY "Personal"
================ Certificate 3 ================
Serial Number: 03845e7355773d78bf1b387ff517961675fd
Issuer: CN=R3, O=Let's Encrypt, C=US
 NotBefore: 6/15/2022 4:28 PM
 NotAfter: 9/13/2022 4:28 PM
Subject: CN=mail.example.com
Non-root Certificate
Cert Hash(sha1): 2ff9e40474671c2f9a42409076ef6177f5c39902
  Key Container = {D04742A0-C916-4AD3-B3FE-7A0B596A41F0}
  Provider = Microsoft Enhanced Cryptographic Provider v1.0
Missing stored keyset
================ Begin force NCrypt ================
Missing stored keyset
----------------  End force NCrypt  ----------------
CertUtil: -exportPFX command FAILED: 0x80090016 (-2146893802 NTE_BAD_KEYSET)
CertUtil: Keyset does not exist

3 Replies

Reply to Thread
1
Scott Wilson Replied
6/16/2022 at 10:17 AM
Marked As Answer
Turns out it's a permissions issue, you have to run it as an administrator. If you update batch file to the following it'll run as admin.

Powershell.exe -Command "& {Start-Process Powershell.exe -ArgumentList '-ExecutionPolicy Bypass -File ""%~dp0exportcert.ps1""' -Verb RunAs}"
pause
0
Zach Sylvester Replied
6/16/2022 at 10:48 AM
Employee Post
Hey Scott, 

Thanks for letting us know the solution. We are happy that you figured this out. 

Kind Regards, 
Zach Sylvester System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
1
Scott Wilson Replied
6/16/2022 at 12:29 PM
And if anyone is interested how to accomplish the same in a C# console app you can use the following which is how I figured out what was wrong since I'm not very proficient with PowerShell.

using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;

namespace CertExporter
{
    class Program
    {
        static void Main(string[] args)
        {
            string subject = null;
            string password = null;
            string path = null;
            if (args.Length == 0)
            {
                Console.WriteLine("Enter the subject of cert to export:");
                subject = Console.ReadLine();
                Console.WriteLine("Enter a password:");
                password = Console.ReadLine();
                Console.WriteLine("Enter an output path:");
                path = Console.ReadLine();
            }
            else
            {
                subject = args[0];
                password = args[1];
                path = args[2];
            }
            using (var store = new X509Store(StoreLocation.LocalMachine))
            {
                store.Open(OpenFlags.ReadOnly);
                var cert = store.Certificates.Find(X509FindType.FindBySubjectNamesubjecttrue)[0];
                byte[] data = cert.Export(X509ContentType.Pfxpassword);
                File.WriteAllBytes(pathdata);
                store.Close();
            }
        }
    }
}
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Manually Securing SmarterMail Using Let's Encrypt and Certify the WebSmarterMail > Installation and Configuration
Resolving JSON IssuesSmarterMail > Troubleshooting
Import/Export a PST File Using OutlookSmarterMail > Desktop and Mobile Synchronization
Microsoft Outlook PST vs OST vs OLM -- What's the Difference?SmarterMail > Desktop and Mobile Synchronization
Troubleshooting SmarterMail Automatic SSL CertificatesSmarterMail > Troubleshooting