So, you're using Windows, and you want to enroll for a public key certificate.
You open up your Internet Explorer (because other browsers don't work), apply for the certificate, pay for it, receive it, and you think all is dandy.
Then, you want to export the certificate so that you can use it on another machine.
In their infinite wisdom, developers of Windows Vista made it so that private keys for certificates requested through the browser are automatically marked unexportable.
This is to "protect" the private key. You can't back it up or use it on another machine, but the bad guys also can't export it from your computer behind your back. Right?
Except the bad guys can. The private key is, obviously, stored on the machine. The operating system has to access the private key in order to ever use it. So the private key is there. All you need is a third party utility, such as Jailbreak, to work around the "protection", and there you go, you can export the key.
The only people actually hurt by this stupid design decision are people who want to be careful and responsible, and do not want to risk running an untrusted third party hack with administrative permissions.
Those people have to revoke their certificate, install Windows XP in a virtual machine, and request a new certificate from there, because Windows XP did actually allow the key to be exported.