Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »


Customers sometime have a need to export a certificate and private key from a Windows computer to separate certificate and key files for use elsewhere. Windows doesn't provide the means to complete this process.


  1. Start the MMC snap-in certmgr.msc. You will be asked if you want operate on your Personal certificate store, the local machine Personal certificate store, or the store associated with a service account. In most cases you want the local machine store.
  2. In the left pane, navigate to the node that contains the certificate of interest.
  3. Right click on the certificate and select All Tasks > Export
  4. Follow the prompts in the Certificate Export Wizard. Note: you won't be able to export a private key if it wasn't marked as exportable when you originally created the CSR for the certificate.
  5. Take the *.pfx file you exported to and mopve it to a system where you have OpenSSL installed. Note: the *.pfx file is in PKCS#12 format and includes both the certificate and the private key.
  6. Run the following OpenSSL command to export the private key: openssl pkcs12 -in filename.pfx -nocerts -out key.pem -nodes
  7. Run the following OpenSSL command to export the certificate: openssl pkcs12 -in filename.pfx -nokeys -out cert.pem


Open SSL pkcs#12 Commands


  • No labels