Export a certificate with the private key

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To export a certificate with the private key

  1. Open the Certificates console for the user, computer, or service you want to manage.

    Tip

    For instructions on creating a Microsoft Management Console (MMC) that allows you to manage the certificates of a user account, computer account, or service account, see the appropriate article from the following list

  1. Manage certificates for your user account

  2. Manage certificates for a computer

  3. Manage certificates for a service

  1. In the console pane, select the certificate store and container holding the certificate that you want to export.

    Tip

    For more information on the Certificates console and changing View Options, see Certificates Console (http://go.microsoft.com/fwlink/?LinkID=209851).

  2. In the details pane, click the certificate you want to export.

  3. On the Action menu, point to All Tasks, and then click Export.

  4. In the Certificate Export Wizard, click Yes, export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)

  5. Under Export File Format, do one or all of the following, and then click Next.

    • To include all certificates in the certification path, select the Include all certificates in the certification path if possible check box.

    • To enable strong protection, select the Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above) check box.

    • To delete the private key if the export is successful, select the Delete the private key if the export is successful check box.

  6. In Password, type a password to encrypt the private key you are exporting. In Confirm password, type the same password again, and then click Next.

  7. In File name, type a file name and path for the PKCS #12 file that will store the exported certificate and private key, click Next, and then click Finish.

Note

  • If a certificate was issued from a Windows Server 2003 certification authority, the private key for that certificate is only exportable if the certificate request was made via the Advanced Certificate Request certification authority Web page with the Mark keys as exportable check box selected, or if the certificate is for EFS (Encrypting File System) or EFS recovery.

  • Strong protection (also known as iteration count) is enabled by default in the Certificate Export Wizard when you export a certificate with its associated private key.

    Strong protection is not compatible with older programs, so you need to clear the Enable strong protection option if you are going to use the private key with any browser earlier than Microsoft Internet Explorer 5.

  • After the Certificate Export Wizard is finished, the certificate will remain in the certificate store in addition to being in the newly-created file. If you want to remove the certificate from the certificate store, you will need to delete it.

  • Information about functional differences

    • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

    See Also

    Concepts

    Importing and exporting certificates
    Manage certificates for your user account
    Manage certificates for a computer
    Manage certificates for a service
    Display certificate stores in Logical Store mode
    Export a certificate
    Import a certificate
    Delete a certificate