I have been working a lot with SSL certificates lately. The other day I had to move a certificate from Windows to Linux server, the certificate is for both www and without. It´s a simple task to export the certificate from Windows server 2012R2 and then convert the certificate so it works on Apache. Except that the CSR was done without the “Export private key” checkbox. Bummer
I thought that there must be a way to change that, after all I am Domain Administrator. Nope, there is no easy way to go around this. After a long time of googling I come over something that a thought was worth sharing.
I found a great tool! Mimikatz
http://blog.gentilkiwi.com/mimikatz
This tool can read out the key via Windows API, and a lot more!
Together with the instructions from this blog
http://blog.ruecker.fi/2014/03/12/exporting-the-not-exportable/
Download the binaries at extract the files. Start a command shell as administrator and run the 64bit version of mimikatz.exe
In the prompt just past in the following lines:
crypto::capi
crypto::certificates /systemstore=CERT_SYSTEM_STORE_LOCAL_MACHINE /export
This will export all certs on the server. The password for the exported certificates is: mimikatz
This tool can do a lot more terrifying things, for example find passwords in clear text
privilege::debug
sekurlsa::logonpasswords