• Home
  • |
  • Blog
  • |
  • Step-By-Step Procedure to Export a Certificates With a Private Key From a Windows Server
Step-By-Step Procedure to Export a Certificates With a Private Key From a Windows Server

The private key plays a vital role in proving the identity. A private key is required to sign a certificate and prove its authenticity. Without the private key, it would not be possible to verify the certificate or decrypt the data. So private key is highly confidential. It should be protected with higher security. If you leak the private key of a server to an unauthorized person, the person can impersonate the legitimate owner and carry out activities such as eavesdropping on communications or conducting man-in-the-middle attacks. However, there are several circumstances where you will have to use the same private key on other servers. Since Windows doesn’t allow accessing private keys, you can’t transport a private key alone. In such cases, you will have to export the certificate with a private key from the Windows server and share the certificate with the private key to import to another server.

Let’s see how to export a certificate with a private key from a Windows Server in this post.

Why Should We Export Certificates With a Private Key?

If you want a certificate for an internal application from the internal Certificate Authority, you can request as many certificates as you want. However, if you want a certificate for an application hosted on the public internet, you should request a public certificate from any global Certificate Authorities like Digicert, Verisign, or Let‘s Encrypt. Bear in mind that public certificates come for a heavy price. No organizations will be ready to buy multiple public certificates for a single application hosted on multiple servers. Instead, they want to reuse the same certificate on multiple servers of that application. You can’t install the same certificate on multiple servers without the private key. That’s why most organizations will export the certificate with a private key so that they can reuse the same certificate on multiple servers of that application. We have listed a few other reasons you want to export a Certificate with a private key. Some of them are:

  1. Exporting a certificate with its private key allows you to move the certificate and key to another computer or server. This can be useful if you need to switch servers or if you’re setting up a new server and want to use a certificate that’s already been issued.
  2. Export certificates with their private keys also allow you to back up your certificates in case they are ever lost or corrupted.
  3. If you are going to be using the certificate on a new server, you will need to export it with the private key. Otherwise, the certificate will not work.
  4. Export certificates with their private keys also allow you to generate a new CSR (certificate signing request) if you need to. If your original CSR was lost or corrupted, this could be a lifesaver.
  5. Finally, exporting a certificate with its private key allows you to share the certificate with others. For example, if you have a web server and want to give someone else access to it, you can export the certificate and key and send them to the other person. They can then import the certificate and key on their own computer and use them to access your server.

How to Export a Certificates With Private Key From Windows Server?

Let’s see a step-by-step procedure to export a certificate with a private key from a Windows Server in a pfx format using Microsoft Management Console (MMC).

Time needed: 15 minutes.

How to Export a Certificates With Private Key From Windows Server?

  1. Let’s Begin to Export the Certificate by Launching MMC Console

    In Windows Start, type ‘Run‘ –> type ‘mmc‘, and click on ‘OK‘ to open the MMC console.launch MMC console on Windows Server

  2. Add/Remove Snap-in

    In the console, click on ‘File‘ –> select ‘Add/Remove Snap-in‘.Add_Remove Snap-in in windows mmc

  3. Add Certificate Snap-in

    In Add / Remove Snap-in, select ‘Certificates‘ from Available snap-ins, and click on ‘Add >‘ .Add Certificate Snap-in in mmc

  4. Add Computer Account to Export Computer Certificate

    In the certificates snap-in window, select ‘Computer Account‘, and click on ‘Next‘.
    Add Computer Account to export computer certificate

  5. Select the Computer You Want to Export the Certificate From

    Select ‘Local computer: (the computer this console is running on)‘ from which we are exporting the certificate, and click on ‘Finish’ to complete the certificated snap-in addition in the MMC. Select Another Computer if you want to export the certificate from a different computer.image

  6. Click ‘OK’ to Complete the ‘Add or Remove Snap-in’ Window

    image (1)

  7. Select the Certificate You Want to Export

    In this case, certificates exist in Personal Store. Expand Console Root –> Certificates (Local Computer) –> Personal –> Certificates.image (2)

  8. Export the Certificate

    Select the certificate which needs to Export. Right-click on the certificate –> Select ‘All Tasks‘ –> click on ‘Export. ‘
    image (3)

  9.  Certificate Export Wizard Opens. Click ‘Next’ to Continue

    image (4)

  10. Select the Export Private Key Option

    Under the ‘Export Private Key‘ window, Select ‘Yes, export the private key‘ to export the certificate with Private Key. Click ‘Next‘ to continue.image (5)

  11. Select PFX Format

    Under the ‘Export File Format’ window, select ‘Personal Information Exchange — PKCS #12 (.PFX)‘ and check ‘Include all certificates in the certification path if possible to include the chain of Intermediate CA certificates into the certificate file. Click ‘Next‘ to continue.image (6)

  12. Encrypt the Certificate With Password

    In the ‘Security’ Window, check ‘Password‘ and set a ‘Password‘ and ‘Confirm Password’. This password will be used while Importing the certificate. Select the ‘Encryption’ to ‘TripleDES-SHA1‘. Click on ‘Next‘.image (7)

  13. Export the Certificate With Private Key In PFX Format

    In the ‘File to Export‘ window, Select the File Name and the Location where the certificate with Private Kay will be exported. Click on ‘Next‘.image (8)

  14. Certificate Export Wizard Summary

    Take a look at the ‘Certificate Export Wizard Summary‘ and verify the details and click on ‘Finish. ‘image (9)

  15. Export of the Certificate Completion With This

    You will be greeted with a prompt ‘The export was successful’. Click ‘OK‘ to complete the Wizard.image (10)

  16. A Certificate With Private Key Is Ready to Transfer to Other Server

    You will find the Exported Certificate with Private Key in the location (In this case, it’s the ‘Documents’ Folder).image (11)

This is how you can export a certificate with a private key from a Windows Server.

We hope this post will show you step by step procedure to export a certificate with a private key from a Windows Server. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this.

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.