Recover an archived certificate from a Microsoft CA

Prerequisites: You KRA certificate must be installed in your certificate store on your machine.

  1. Find the serial number of the certificate you want to recover.
  2. certutil -getkey [serial number] [outfile] Ex. certutil -getkey 45137316467 d:key.file
  3. certuil -recoverkey [infile][outfile_pfx] Ex. certutil -recoverkey d:key.file d:certificate.pfx
  4. Enter a new password for the pfx file.
This entry was posted in PKI and tagged , , , . Bookmark the permalink.