It is easy to locate and export a private key file on non-windows platforms. Both public and private keys will be created and saved in a separate file in .key or .pem extensions on non-windows platforms. However, Windows doesn’t store the private key in a separate file to view as a text file. you can’t export the private key alone. If you need to export the private key from either MMC or IIS, you should export the certificate in .pfx (PKCS#12) file format along with the private key. If this is the case, you may ask if it is not possible to export a private key file on the Windows platform. To answer this question, there is no direct way. However, there is a way. Let’s see how to export a private key file from a Windows machine.
We have broken down the procedure into four sections to make it simple to understand.
Note: We have covered right from the beginning from creating a CSR to exporting the private key for those who need help in getting a certificate. If you have the certificate in your hand or it’s deployed on your Windows server, then you can skip the first three steps. You can start directly from the fourth step.
Create CSR.
Submit the CSR to a CA and get the Certificate.
Import the Certificate on your Windows machine.
Export the Certificate in PFX format.
Install OpenSSL on your Windows machine.
Export the private key file from the PFX certificate.
1. Open MMC console:
Win + R > mmc > Ok > File > Add/Remove Snap-in > Certificates > Add > Computer account > local computer > Finish > Ok.
2. Create a CSR file:right-click the Personal folder > All Tasks > Advanced Operations > Create Custom Request > Next > Proceed without enrollment policy > Click Next > PKCS # 10 > Next > Details > Properties.
3. Add CSR contents:
Subject tab > Fill Subject name
Common Name (CN) = Host or domain name
DNS (SAN) =
Organization (O) =
Organizational Unit (OU) =
City/Locality (L) =
State/County/Region (S) =
Country (C) =
Email Address =
Private Key tab > Key options > select Key size: 2048 > Ok
4. Save the CSR file:Select Base 64 and Click Next > Click Browse.
Please visit this post to see how to create a CSR on a Windows machine.
Submit the CSR to your Certificate Authority (CA) or you can also submit it to third party CA to sign the certificate.
If you have Microsoft’s ADCS CA service and want to sign the CSR with your internal CA. Please read how to submit and download the certificate from ADCS.
After CA has issued the certificate. You should download that and import it along with the chain certificates.
Note: If you don’t have the chain certificates imported to trusted stores, please import chain certificates (intermediate & root CA certificates) on your machine.
Right Click on the Certificate > Install Certificate > Next > Automatically select the certificate store > Finish > Ok
This is the place where the export of the private key happens. Windows doesn’t store the private key in a separate file. you can’t export the private key alone. If you need to export the private key from either MMC or IIS, you should export the certificate in .pfx (PKCS#12) file format along with the private key.
1. Open MMC console:
Win + R > mmc > Ok > File > Add/Remove Snap-in > Certificates > Add > Computer account > local computer > Finish > Ok.
2. Export the certificate in PFX:
Right Click on the Certificate > All Tasks -> Export > Next > yes, export the private key > Next > Personal INformation Exchange – PKCS # 12 (PFX) > Include all certificate in the path > Next > Passwords > Browse > Finish.
OpenSSL is a powerful full cross-platform open-source utility used in various digital certificate activities? The installation procedure is very simple and straightforward. Read this post to learn how to install OpenSSL on a Windows machine.
1. Download the OpenSSL installer from the official OpenSSL download link: https://slproweb.com/products/Win32OpenSSL.html
2. Run the installer to complete the installation.
3. Add OPENSSL_CONF and Path environment variable on System Properties:
Run this command to extract the private key from PFX file:
> openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key]
Run this command to extract the certificate from PFX file:
> openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt]
Run this command to decrypt the private key:
> openssl rsa -in [drlive.key] -out [drlive-decrypted.key]
In this way, you can export a private key file from the Windows machine.
Thanks for reading this post. Please let us know if you want to know more about this. We recommend reading the below post to know in detail.
You may also like these articles:
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”
"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.
BurpGPT is a cutting-edge Burp Suite extension that harnesses the power of OpenAI's language models to revolutionize web application security testing. With customizable prompts and advanced AI capabilities, BurpGPT enables security professionals to uncover bespoke vulnerabilities, streamline assessments, and stay ahead of evolving threats.
PentestGPT, developed by Gelei Deng and team, revolutionizes penetration testing by harnessing AI power. Leveraging OpenAI's GPT-4, it automates and streamlines the process, making it efficient and accessible. With advanced features and interactive guidance, PentestGPT empowers testers to identify vulnerabilities effectively, representing a significant leap in cybersecurity.
Tenable BurpGPT is a powerful Burp Suite extension that leverages OpenAI's advanced language models to analyze HTTP traffic and identify potential security risks. By automating vulnerability detection and providing AI-generated insights, BurpGPT dramatically reduces manual testing efforts for security researchers, developers, and pentesters.
Microsoft Security Copilot is a revolutionary AI-powered security solution that empowers cybersecurity professionals to identify and address potential breaches effectively. By harnessing advanced technologies like OpenAI's GPT-4 and Microsoft's extensive threat intelligence, Security Copilot streamlines threat detection and response, enabling defenders to operate at machine speed and scale.