Microsoft KB Archive/310114

= HOW TO: Export Certificates in Windows 2000 =

PSS ID Number: 310114

Article Last Modified on 11/18/2003

-

The information in this article applies to:


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional

-



This article was previously published under Q310114



IN THIS TASK

 * SUMMARY
 * ** How to Export Certificates



SUMMARY
Digital certificates are an important part of a network's public key infrastructure (PKI). Services and programs that communicate across non-secure networks use digital certificates to provide authentication and security.

You can use the Certificates snap-in in Windows 2000 to request, manage, and export certificates. If you want to either back up the certificate or use the certificate on a different computer, you can use the Certificates snap-in to copy a certificate from a certificate store to a file, and then export the certificate. This article describes how to export certificates that you have either copied or backed up.

back to the top

How to Export Certificates
You can use any of the following standard certificate file formats that are supported by Windows 2000 to export a certificate:
 * Personal Information Exchange (PFX, also called PKCS #12)
 * Cryptographic Message Syntax Standard (PKCS #7)
 * Distinguished Encoding Rules (DER) Encoded Binary X.509
 * Base64 Encoded X.509

The DER Encoded Binary X.509 format and the Base64 Encoded X.509 format are used for interoperability if the certification authority is not a Windows 2000-based server.

To export a certificate:  Start the Certificates Microsoft Management Console (MMC).

You may need to create this MMC if you did not previously create and save a console that contains the Certificates snap-in. In the Logical Certificates Stores view, click the appropriate node in the left pane.

For example, to export a personal certificate for your user account, click to expand the Certificates | Personal node, and then click Certificates. A list of the certificates that are issued to your user account is displayed in the right pane. Right-click the certificate that you want to export. Click All Tasks on the Context menu. Click Export. After the Certificate Export Wizard starts, click Next. When you are prompted to export the private key with the certificate, click either Yes or No (depending on your situation), and then click Next.</li> Click the file format, and then click Next.

If you click PKCS #12, the following options are displayed:

<ul> Include all certificates in the certification path</li> Enable strong protection</li> Delete the private key if the export is successful</li></ul>

If you are backing up an Encrypting File System (EFS) certificate and keys, leave the private key on the computer so that you can decrypt your files without importing the private key. If you are backing up a file recovery certificate and keys, delete the private key after you export the certificate.</li> If you are exporting the private key, type and confirm a password to protect the key, and then click Next.</li> Enter a file name for the export file (you can browse for a path and file), and then click Next.</li> When a summary of the information that you entered is displayed, click Back to make any changes.

If the information is correct, click Finish.</li> When you receive the &quot;Export was successful&quot; message, click OK.</li></ol>

NOTE: Store the exported certificate file so that you can use this certificate to restore the certificate if the original certificate becomes lost or damaged. You can also use the stored exported certificate to install the certificate on a different computer.

back to the top

Keywords: kbenv kbhowto kbHOWTOmaster KB310114

Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Pro kbwin2000ProSearch kbwin2000Search kbwin2000Serv kbwin2000ServSearch kbWinAdvServSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.