Hi,
We want to restrict the export of private key while the certificate is created at first place. We are testing to generate the certificate for a user and send the pfx file.
While generating the private key, we can set the export flag as below
"objPKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_NONE;
But if we use it, createPFX fails stating "CX509Enrollment::CreatePFX: Key not valid for use in specified state." This is because we have disabled the export.
Is there a way we can make private key not exportable while creating the pfx file.