So, you need the private key for a certificate on Windows, for some innocent snooping around with Wireshark, but someone marked it as not exportable. Now what?
The following mimikatz commands will extract the certificates from the local store:
crypto::capi
crypto::certificates /systemstore=CERT_SYSTEM_STORE_LOCAL_MACHINE /export
The password for the pfx files is “mimikatz” (no quotes).
To convert a pfx to a pem file, you can do something like this:
openssl pkcs12 -in CERT_SYSTEM_STORE_LOCAL_MACHINE_nicecert.pfx -out cert.pem -nodes
If it’s for use in Wireshark, you also need to add -nocerts:
openssl pkcs12 -in CERT_SYSTEM_STORE_LOCAL_MACHINE_nicecert.pfx -out cert.pem -nodes -nocerts
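An added example, not part of the original post: a shell function that performs the Wireshark conversion above, writes the unencrypted key with owner-only permissions, and checks that the key actually belongs to the certificate in the same pfx. The function name and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). The function name, argument
# order and messages are assumptions made for illustration.

pfx_to_wireshark_key() {
    pfx=$1                 # input .pfx file
    key_out=$2             # where to write the unencrypted PEM key
    pass=${3:-mimikatz}    # pfx password; the post states "mimikatz"

    # -nodes leaves the key unencrypted on disk, so create the file
    # owner-only (umask 077 in a subshell) instead of world-readable.
    rm -f "$key_out"
    ( umask 077
      openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nodes -nocerts \
          -out "$key_out" 2>/dev/null ) || {
        echo "pkcs12 conversion failed (wrong password?)" >&2
        rm -f "$key_out"
        return 1
    }

    # Public key derived from the extracted private key ...
    key_pub=$(openssl pkey -in "$key_out" -pubout 2>/dev/null) || return 1
    # ... and the public key of the leaf certificate in the same pfx.
    cert_pub=$(openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nokeys -clcerts \
                   2>/dev/null | openssl x509 -pubkey -noout 2>/dev/null) || return 1

    # Wireshark can only use the key if it belongs to the certificate the
    # server presented, so compare the two public keys before relying on it.
    if [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]; then
        echo "key matches certificate: $key_out"
        return 0
    fi
    echo "key does NOT match the certificate in $pfx" >&2
    return 2
}
```

On OpenSSL 3.x, a pfx protected with older algorithms such as RC2-40 may additionally need the -legacy option on the pkcs12 commands. Delete the unencrypted key file once the capture analysis is done.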