Disabling strong private key encryption on a personal certificate
I am attempting to import a certificate into my current user's personal certificate store, since my server is required to sign certain requests it makes and the suggested instructions were to do this. I was able to do this successfully on a development machine, but was not able to do it on another machine, as an option is grayed out:
Enable strong private key protection. You will be prompted every time the private key is used by an appication if you enable this option" checked off and grayed out.
What configuration can I change on this machine (I have admin access) to fix this?
Edit: Further Details
I am using the certificate import wizard, which can be launched via the certificates mmc (all tasks -> Import...) or by double-clicking the certificate or by right-clicking and selecting install. Actually, it can also be launched from IE in the Content tab. I've tried all of these methods of installing, and they all work the same. The certificate is a .p12 file.
Note that adding a certificate to the local machine rather than to the current user does allow me to uncheck this option and create a low security certificate, but I wish to add it to Current User.
In the Local Security Policy of the machine, there is a policy called:-
System Cryptography: Force strong key protection for user keys stored on the computer
Setting this to "User input is not required when new keys are stored and used" enabled this option, whereas it was previously greyed out when set to "User must enter a password each time they use a key".
Once the certificate is added, setting this policy back did not affect the certificate, only the option within the import wizard.
Hope this solution works for you too.