So, you need the private key for a certificate on Windows, for some innocent snooping around with Wireshark, but someone marked it as not exportable. Now what?
Cue Gentil Kiwi and his tool Mimikatz.
The following commands will extract the certificates from the local store:
crypto::capi crypto::certificates /systemstore=CERT_SYSTEM_STORE_LOCAL_MACHINE /export
The password for the pfx files is “mimikatz” (no quotes).
To convert a pfx to a pem file, you can do something like this:
openssl pkcs12 -in CERT_SYSTEM_STORE_LOCAL_MACHINE_nicecert.pfx -out cert.pem -nodes
If it’s for use in Wireshark, you also need to add -nocerts:
openssl pkcs12 -in CERT_SYSTEM_STORE_LOCAL_MACHINE_nicecert.pfx -out cert.pem -nodes -nocerts