18 Apr Step by Step PKI–Export and Import Certificate in Windows
Now we have completed the certificate request and installed the certificate in IIS, but sometimes we may need the export certificate (private key or public key) for other purpose.
Export Certificate: Public Key
Exporting the pubic key certificate (.cer) is quite common since in theory, anyone can access or read the public key, because it is public key, like your home company address.
Public key certificate (.cer) can be exported from where it installed, or can be downloaded from Internet, depends on certificate.
1. Open IIS (inetmgr)
2. Locate the certificate, double click open the certificate
3. Click on “Detail” tab, and “Copy to File…”, follow the wizard to export
Windows certificate store
Depends on your certificate, some certificate sitting in “User Certificate Store (certmgr.msc)”, some in “Computer Certificate Store (certlm.msc)”
For the certificate requested from IIS, it is sitting in “Computer Certificate Store (certlm.msc)”
1. Open Windows Certificate Store
2. Open the certificate by double click on it
3. Export the certificate
Export Certificate: Private Key
Exporting the private key certificate can only be done on the computer where the .csr generated in the first time.
Later, you can install the exported private key onto other computer and export from there if you choose the certificate is exportable.
Exporting in IIS is easy and straight forward, just click on the export button
Leave a path and password (private key must have a password protected)
Windows Certificate Store
1. Open Windows certificate store, locate the certificate, right click, All Tasks –> Export
Windows will ask you whether you want to export the private key or not.
If we do not export the private key, then the export will be exactly the same as we exported the public key
So let choose export the private key for now
Now we have successfully exported our certificate.
Next: Import a certificate
1. Double click on the certificate file
2. Choose which Windows certificate store you want to import: Computer Certificate Store (certlm.msc) or User Certificate Store (certmgr.msc)
It depends on the certificate purpose: a website certificate usually goes into Computer, where a user based cert goes into User.
2. Follow the wizard, choose whether you want this certificate to be exportable on current computer (not the original computer where the certificate been exported)
3. Choose a certificate store location.