You can export a certificate in order to import a copy on a different computer or device or to store a copy in a secure location.
If you are exporting certificates for import onto a computer running Windows, PKCS #7 format is the preferred export format. This format preserves the chain of certification authorities (CAs), or the certification path, of any certificate that includes countersignatures associated with signatures.
If you are exporting certificates for import onto a computer running another operating system, it is possible that the PKCS #7 format is supported. If it is not supported, the DER-encoded binary format or the Base64-encoded format is provided for interoperability.
Users or local Administrators is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.
|
To export a certificate |
-
Open the Certificates snap-in for a user, computer, or service.
-
In the console tree under the logical store that contains the certificate to export, click Certificates.
-
In the details pane, click the certificate that you want to export.
-
On the Action menu, point to All Tasks, and then click Export.
-
In the Certificate Export Wizard, click No, do not export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)
-
Provide the following information in the Certificate Export Wizard:
- Click the file format that you want to use to
store the exported certificate: a DER-encoded file, a
Base64-encoded file, or a PKCS #7 file.
- If you are exporting the certificate to a
PKCS #7 file, you also have the option to include all
certificates in the certification path.
- Click the file format that you want to use to
store the exported certificate: a DER-encoded file, a
Base64-encoded file, or a PKCS #7 file.
-
If required, in Password, type a password to encrypt the private key you are exporting. In Confirm password, type the same password again, and then click Next.
-
In File name, type a file name and path for the PKCS #7 file that will store the exported certificate and private key. Click Next, and then click Finish.
Additional considerations
- User certificates can be managed by the user
or by an administrator. Certificates issued to a computer or
service can only be managed by an administrator or user who has
been given the appropriate permissions.
- To open the Certificates snap-in, see
Add the
Certificates Snap-in to an MMC.
- After the Certificate Export Wizard is
finished, the certificate will remain in the certificate store in
addition to being in the new file. If you want to remove the
certificate from the certificate store, you must delete it.