Customers sometime have a need to export a certificate and private key from a Windows computer to separate certificate and key files for use elsewhere. Windows doesn't provide the means to complete this process.
- Start the MMC snap-in certmgr.msc. You will be asked if you want operate on your Personal certificate store, the local machine Personal certificate store, or the store associated with a service account. In most cases you want the local machine store.
- In the left pane, navigate to the node that contains the certificate of interest.
- Right click on the certificate and select All Tasks > Export
- Follow the prompts in the Certificate Export Wizard. Note: you won't be able to export a private key if it wasn't marked as exportable when you originally created the CSR for the certificate.
- Take the *.pfx file you exported to and mopve it to a system where you have OpenSSL installed. Note: the *.pfx file is in PKCS#12 format and includes both the certificate and the private key.
- Run the following OpenSSL command to export the private key:
openssl pkcs12 -in filename.pfx -nocerts -out key.pem -nodes
- Run the following OpenSSL command to export the certificate:
openssl pkcs12 -in filename.pfx -nokeys -out cert.pem
Open SSL pkcs#12 Commands