Certificate

Marking a private key as non-exportable

  • February 15, 2017

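Is there any way to mark a private key as NOT EXPORTABLE if the key has already been imported as EXPORTABLE?

A bit more insight:

A certificate containing a private key was imported with the option that allows the private key to be exported. However, we want to tighten security a little and mark the key as not exportable. Since the certificate is a wildcard certificate and is bound to a lot of websites, we want to avoid deleting the certificate and re-importing it.

The environment is Windows Server 2012 R2.

As far as I know, the only way to mark the private key as non-exportable in your case is to re-import the certificate. After import, you cannot modify the boolean variable that sets this option.

The variable to look for, which defines the private key as exportable or not exportable, is: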

PrivateKeyExportable
Optional
System.Boolean
The PrivateKeyExportable parameter specifies whether the certificate has an exportable private key, and controls whether you can export the certificate from this server. Valid values are:
$true   The private key is exportable, so you can export the certificate from this server.
$false   The private key isn't exportable, so you can't export the certificate from this server. This is the default value.

Source: https://serverfault.com/questions/829134
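
The re-import route described in the answer, as an added PowerShell example that is not part of the original thread: it audits which certificates in the machine store still have an exportable key, re-imports the PFX without the `-Exportable` switch of `Import-PfxCertificate`, and then checks the result instead of assuming it. The store path, thumbprint, PFX path and the helper name `Test-PrivateKeyExportable` are assumptions; run it from an elevated session.

```powershell
# Added example: identifiers marked "placeholder" are assumptions, not values from the thread.
$storePath  = 'Cert:\LocalMachine\My'
$thumbprint = '<WILDCARD-CERT-THUMBPRINT>'   # placeholder
$pfxPath    = 'C:\path\to\wildcard.pfx'      # placeholder: PFX holding the same certificate and key

function Test-PrivateKeyExportable {
    # Returns $true/$false for RSA keys, $null when the key type is not handled here.
    param([Parameter(Mandatory = $true)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    if (-not $Certificate.HasPrivateKey) { return $false }
    # GetRSAPrivateKey needs .NET Framework 4.6 or later (assumed to be installed).
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)

    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        # CNG key: AllowExport or AllowPlaintextExport means the key can leave the store.
        $mask = [int][System.Security.Cryptography.CngExportPolicies]::AllowExport -bor
                [int][System.Security.Cryptography.CngExportPolicies]::AllowPlaintextExport
        return (([int]$rsa.Key.ExportPolicy -band $mask) -ne 0)
    }
    if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        # Legacy CSP key: the key container records the flag directly.
        return $rsa.CspKeyContainerInfo.Exportable
    }
    return $null
}

# 1. Audit: list every certificate in the store whose private key is still exportable.
Get-ChildItem $storePath | Where-Object { Test-PrivateKeyExportable $_ } |
    Select-Object Subject, Thumbprint, NotAfter

# 2. Re-import. Import-PfxCertificate marks the key non-exportable unless
#    -Exportable is passed, so the switch is simply left out.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$imported = Import-PfxCertificate -FilePath $pfxPath -CertStoreLocation $storePath -Password $pfxPassword

# 3. Verify: same certificate as expected, and the stored key no longer reports as exportable.
if ($imported.Thumbprint -ne $thumbprint) {
    Write-Warning 'The PFX holds a different certificate than the expected one.'
}
$check = Test-PrivateKeyExportable (Get-Item (Join-Path $storePath $thumbprint))
"Private key exportable after re-import: $check"
```

The PFX file still contains the private key after the import, so store or remove it accordingly, and confirm the website bindings still serve the certificate once step 3 reports `False`.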