Export non-exportable certificates

Once in a while I run into a situation where I need to export a certificate marked as non-exportable. To be able to use the certificate, I need to export the private key.

Every now and then I see people trying to export the certificate without the private key, importing it on a new computer, and binding it in IIS. When looking at the certificate it looks like everything is OK, but since the private key is missing you won't be able to use it.

There is a tool that will help you export the private key even though it is marked as non-exportable. The tool is called Jailbreak and is found on the iSEC Partners website.

Download and extract the tool.

When running the tool on a Windows 2008 R2 server you'll need to run JBSTORE.EXE. To list the certificates, run: jbstore.exe -l

Then run: jbstore.exe -1 -n "certificatename" -o outfile.pfx

The certificate and private key will be exported to outfile.pfx.

You should now be able to import the certificate on another computer. The default password is "password" unless you've set another one using -p password when exporting. When importing the certificate you have the option to mark it as exportable. If you do so, you'll be able to export the certificate using the MMC as usual.
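
To catch the case described earlier, where a certificate was imported without its private key, the store can be checked before binding anything in IIS. The following PowerShell is an added example, not part of the original post or the Jailbreak tool; the function name Get-CertificateKeyStatus and the default store path are assumptions.

```powershell
# Added example (not from the original post): report, for each certificate in a
# store, whether a private key is present and whether it is marked exportable.
function Get-CertificateKeyStatus {
    param(
        # Assumption: LocalMachine\My (Personal) is the store the IIS binding uses.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_
        $exportable = 'n/a'   # no private key, so the flag does not apply

        if ($cert.HasPrivateKey) {
            try {
                # Legacy CSP keys expose the exportable flag directly.
                $info = $cert.PrivateKey.CspKeyContainerInfo
                $exportable = if ($info) { $info.Exportable } else { 'unknown (CNG key or no access)' }
            } catch {
                # Raised for CNG-backed keys or when the caller cannot open the key container.
                $exportable = 'unknown (CNG key or no access)'
            }
        }

        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            Exportable    = $exportable
        }
    }
}

# Certificates without a private key sort first; these cannot serve an HTTPS binding.
Get-CertificateKeyStatus |
    Sort-Object HasPrivateKey |
    Format-Table Subject, Thumbprint, HasPrivateKey, Exportable, NotAfter -AutoSize
```

Run it from an elevated prompt so the machine key containers can be opened; a row with HasPrivateKey set to False is a certificate that was imported without its key.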

 

 
