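If a key has already been imported as EXPORTABLE, is there any way to mark the private key as NOT EXPORTABLE?
More details:
A certificate containing a private key was imported with the option that allows the private key to be exported. However, we want to improve security and mark the key as non-exportable. Because the certificate is a wildcard certificate and is bound to many websites, we would like to avoid deleting the certificate and re-importing it.
The environment is Windows Server 2012 R2.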
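As far as I know, the only way to mark the private key as non-exportable in your case is to re-import the certificate. Once it has been imported, you cannot modify the Boolean variable that sets that option.
The variable that defines the private key as exportable is: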
PrivateKeyExportable
Optional
System.Boolean
The PrivateKeyExportable parameter specifies whether the certificate has an exportable private key, and controls whether you can export the certificate from this server. Valid values are:
$true: The private key is exportable, so you can export the certificate from this server.
$false: The private key isn't exportable, so you can't export the certificate from this server. This is the default value.
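An added example, not part of the original answer: a PowerShell audit that reports, for each certificate with a private key in a store, whether the key is currently flagged exportable, so the state can be checked before and after a re-import. The function name `Get-PrivateKeyExportability` and the default store path are assumptions for illustration; only RSA keys are inspected.

```powershell
# Added example (not from the original answer). Run from an elevated prompt
# so that machine-level private keys can be opened.
# Function name and default store path are assumptions for illustration.
function Get-PrivateKeyExportability {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    $cng = [System.Security.Cryptography.CngExportPolicies]
    # Either flag allows the key to leave the machine (wrapped or plaintext export).
    $exportMask = [int]$cng::AllowExport -bor [int]$cng::AllowPlaintextExport

    Get-ChildItem -Path $StorePath |
        Where-Object { $_.HasPrivateKey } |
        ForEach-Object {
            $cert = $_
            $provider = 'Unknown'
            $exportable = $null
            try {
                # GetRSAPrivateKey needs .NET Framework 4.6+; it returns $null for non-RSA keys.
                $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
                if ($rsa -is [System.Security.Cryptography.RSACng]) {
                    # CNG key: exportability is a flags value on the key handle.
                    $provider = 'CNG'
                    $exportable = ([int]$rsa.Key.ExportPolicy -band $exportMask) -ne 0
                }
                elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                    # Legacy CSP key: exportability is a Boolean on the container info.
                    $provider = 'CSP'
                    $exportable = $rsa.CspKeyContainerInfo.Exportable
                }
            }
            catch {
                # Key could not be opened (permissions, missing container, etc.).
                $provider = "Error: $($_.Exception.Message)"
            }
            [pscustomobject]@{
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                Provider   = $provider
                Exportable = $exportable
            }
        }
}

Get-PrivateKeyExportability | Format-Table -AutoSize
```

After the certificate has been re-imported without the exportable option (with `Import-PfxCertificate`, by omitting the `-Exportable` switch), its row should show `Exportable` as `False`.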