web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / create certificate wit...
Finance | Project Operations, Human Resources, ...
Suggested Answer

create certificate with exportable key

(0) ShareShare
ReportReport
Posted on by w.sallam 2,259

when trying to apply the certificate part on the deployment guide (Step 8)

I got this error

PS C:\infrastructure> .\Export-PfxFiles.ps1 -ConfigurationFilePath .\ConfigTemplate.xml
Certificate XXXXXXXX is valid
Exporting PFX for thumbprint XXXXXXXX to C:\infrastructure\Certs\star.d365ffo.onprem.XXXX.com.pfx
Export-PfxCertificate : Cannot export non-exportable private key.
At C:\infrastructure\Export-PfxFiles.ps1:103 char:21
+ ... ortedCert = Export-PfxCertificate -Cert $certPath -FilePath $outputPa ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Export-PfxCertificate], Win32Exception
+ FullyQualifiedErrorId : System.ComponentModel.Win32Exception,Microsoft.CertificateServices.Commands.ExportPfxCertificate

I created the certificate with IIS, how to create certificate with exportable key?

thanks in advance 

I have the same question (0)
  • Suggested answer
    Anup Shah MSFT Profile Picture
    Anup Shah MSFT on at

    Please raise a support case for further help on this.

  • Suggested answer
    Community Member Profile Picture
    Community Member on at

    Step-by-Step-Installation-of-Microsoft-Dynamics-365-Finance-and-Operations-on-Premise-by-Umesh-Pandit_2D00_converted.docx

    Use this document and let me know if you have follow the similar steps and still got the issue.

    Also Do not create a certificate from IIS. there are multiple powershell scripts over google which will help you to generate a test certificate with exportable key.

  • Community Member Profile Picture
    Community Member on at

    Hi w.sallam

    are you able to resolve this issue?

  • Suggested answer
    A.Prasanna Profile Picture
    A.Prasanna 8,223 on at

    if you look at Export-PfxFiles.ps1 you can find below comment.

    " DESCRIPTION

     Before executing, ensure your .\ConfigTemplate.xml (or path in -InputXml) is up-to-date with your certificates. You may need to call .\New-SelfSignedCertificates.ps1 before executing.

     Only certificates marked exportable are leveraged by this script, if a certificate isn't exportable mark it false before calling script. "

    also, It's clearly said that the certificate should mark as exportable,

    just check your ConfigTemplate.xml whether your certificate marked as exportable you can find this by searching " exportable="true"".

    just check whether you are using the latest scripts I just saw in LCS there is a script with a modified date 10/15/2020.

    Hope this will help

    Amith Prasanna

  • w.sallam Profile Picture
    w.sallam 2,259 on at

    thanks all for help.

    and thanks AKHILESH for the document , it's helpful.

    @Amith , as I understand I needed a certificate that mark as exportable.

    how to create it ?

    if there is a script or something.

  • Suggested answer
    Community Member Profile Picture
    Community Member on at

    While setting up your config template

    Did you make exportable = true on certificates tag?

    As it is mentioned in below screenshot.

    pastedimage1603016682485v1.png

    i am pretty sure that the problem is with your config template. If possible please share your config template here so that i can reconfirm if it is fine.

  • Suggested answer
    A.Prasanna Profile Picture
    A.Prasanna 8,223 on at

    As a said use the latest installation scripts downloaded from LCS, in the scripts folder, there is PS Script named "New-SelfSignedCertificate.ps1" you can use for the SelfSign Certificate Generation. I hope you didn't create those certificates manually in IIS. Just check your configuration template too. if you still struggling remove all the copies and then download a fresh copy with the latest version without wasting your time.

    As a thumb rule always run your PowerShell as Administrator. and Use Power Shell ISE than just PowerShell.

    Amith Prasanna.

  • w.sallam Profile Picture
    w.sallam 2,259 on at

    thanks AKHILESH  for your reply.

    please check my  config template 

    0804.Capture.PNG

  • w.sallam Profile Picture
    w.sallam 2,259 on at

    Hi Amith

    thanks for your reply

    I know I can use SelfSignedCertificate.ps1 but this is not recommended for production environment

    so I can't use it here.

  • Suggested answer
    A.Prasanna Profile Picture
    A.Prasanna 8,223 on at

    yeah, that's true. if you acquired certificates  via the recommended way in

    docs.microsoft.com/.../setup-deploy-on-premises-pu12

    then you better ask for help from your Certificate provider/ Vendor.  

    I'm not quite sure but just try to change the status to False on generateSelfSignCert on the config template then give a try.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Martin Dráb Profile Picture

Martin Dráb 592 Most Valuable Professional

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 478 Super User 2025 Season 2

#3
BillurSamdancioglu Profile Picture

BillurSamdancioglu 305 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans