Exporting Private Key and Client Authentication Certificate and Importing to a Different Server for Windows

Marking the private key as exportable, when generating the private key, is required to use the Export function in the Windows mmc utility to save a pfx/p12 file to load into other servers. Please refer to section 4 of the Installing Certificates in Windows for use with Interoperability Engine guide for more details.

To export the private key and client authentication certificate:

1. Open mmc as per section 2 of the guide.
2. Open the Certificates (Local Computer)\Personal folder on the same server where you generated the exportable key and CSR. Locate the entry for your client authentication certificate.
3. Confirm that the small certificate icon to the left of the certificate name shows a small "key" at the top left corner (see section 5.11 of the certificate guide for an example of how this should appear).
4. Right click on your client authentication certificate and select "All Tasks > Export..." from the menu. A dialog box will appear for the Certificate Export Wizard.
5. On the "Export Private Key" page, select "Yes, export the private key" -- if this choice is greyed out or not selectable, then the key was not marked as exportable when you created it.
6. You will then pick the export format which should be "Personal Information Exchange - PKCS #12 (.PFX)". Make sure the "Delete the private key if the export is successful" is NOT selected before proceeding. Otherwise, the default PFX options should be adequate.
7. On the "Security" page, select the Password checkbox, pick an encryption algorithm for the output file from the dropdown list, and enter a new password you will use to secure the output file. (You will need this same password to later import the pfx/.p12 file onto your other machine).
8. You will be prompted to choose the file name (or Browse...) for the exported .pfx file.
9. On the final page of the dialog, review the settings you have selected and click "Finish" to perform the export.
10. You should then see a pop-up window confirming that the export was successful.

The .pfx file generated can then be copied to your other server(s) and imported by following the instructions in Section 5 of the guide including the additional steps in that section for .pfx/.p12 files.

Did this article answer your question? If not, please contact us.