SSL Exporting to a .PFX....not!

Yesterday I had a bit of a panic. I had a change request scheduled to publish my Project Server site over to our ISA Server. Normally to do this, one goes into the Certificates MMC snap in, locates the Personal certificate assigned to the server, and export it as a .PFX file.

Well, the option to export to .PFX was grayed out, with a warning about "the associated private key cannot be found" - but on the screen where I view the SSL certificate, I was told that there is a private key associated with this certificate. Since ISA Server requires the private key, this was going to be a show stopper!

Digging around I did find one helpful post on the Verisign site: http://forums.iis.net/p/1154109/1888980.aspx

This post lead to me look in the directory C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys, and then further, I was able to locate the file (named with a GUID) in the MachineKeys folder with the time stamp of when we installed the SSL certificate. Turns out even though I'm domain admin, that folder was not owned by the local Administrators group, and that further that GUID named key was owned only by the guy who installed the cert and SYSTEM - Domain Admins & the box admins didn't have permissions to the file or to that folder.

So once I took care of that, changing the ownership on that GUID file & then granting Full Control rights to that key, I was then able to export the certificate as a .PFX file...big relief!!!