JSI Tip 5015. How do I export certificates in Windows 2000?
March 19, 2002
NOTE: The text in the following Microsoft Knowledge Base article is provided so that the site search can find this page. Please click the Knowledge Base link to insure that you are reading the most current information.
Microsoft Knowledge Base article Q310114 contains:
IN THIS TASK
SUMMARY
How to Export Certificates
SUMMARY
Digital certificates are an important part of a network's public key infrastructure (PKI). Services and programs that communicate across non-secure networks use digital certificates to provide authentication and security.
You can use the Certificates snap-in in Windows 2000 to request, manage, and export certificates. If you want to either back up the certificate or use the certificate on a different computer, you can use the Certificates snap-in to copy a certificate from a certificate store to a file, and then export the certificate. This article describes how to export certificates that you have either copied or backed up.
back to the top
How to Export Certificates
You can use any of the following standard certificate file formats that are supported by Windows 2000 to export a certificate:
Personal Information Exchange (PFX, also called PKCS #12)
Cryptographic Message Syntax Standard (PKCS #7)
Distinguished Encoding Rules (DER) Encoded Binary X.509
Base64 Encoded X.509
The DER Encoded Binary X.509 format and the Base64 Encoded X.509 format are used for interoperability if the certification authority is not a Windows 2000-based server.
To export a certificate:
Start the Certificates Microsoft Management Console (MMC).
You may need to create this MMC if you did not previously create and save a console that contains the Certificates snap-in.In the Logical Certificates Stores view, click the appropriate node in the left pane.
For example, to export a personal certificate for your user account, click to expand the Certificates | Personal node, and then click Certificates. A list of the certificates that are issued to your user account is displayed in the right pane.Right-click the certificate that you want to export.
Click All Tasks on the Context menu.
Click Export.
After the Certificate Export Wizard starts, click Next.
When you are prompted to export the private key with the certificate, click either Yes or No (depending on your situation), and then click Next.
Click the file format, and then click Next.
If you click PKCS #12, the following options are displayed:Include all certificates in the certification path
Enable strong protection
Delete the private key if the export is successful
If you are backing up an Encrypting File System (EFS) certificate and keys, leave the private key on the computer so that you can decrypt your files without importing the private key. If you are backing up a file recovery certificate and keys, delete the private key after you export the certificate.If you are exporting the private key, type and confirm a password to protect the key, and then click Next.
Enter a file name for the export file (you can browse for a path and file), and then click Next.
When a summary of the information that you entered is displayed, click Back to make any changes.
If the information is correct, click Finish.When you receive the "Export was successful" message, click OK.
NOTE: Store the exported certificate file so that you can use this certificate to restore the certificate if the original certificate becomes lost or damaged. You can also use the stored exported certificate to install the certificate on a different computer.
back to the top
About the Author
You May Also Like