This document explains how to use the Microsoft Management Console (MMC) to import and export SSL Certificates. This is only one use for the MMC. Please see the MMC Documentation for more info.
Note: This document assumes the existing certificate is functional on the machine where the exporting takes place.
Start the MMC
The Microsoft Management Console (MMC) is part of Windows 2000 and later. It does not exist in NT or 9x. You may be able to do similar functions using IE, but IE versions vary so it will not be discussed here.
To start the MMC:
- Start -> Run -> MMC
- Choose File | Add/Remove Snap-in ...
- Click Add
- Select Certificates from the list and click the Add button
- Choose Computer account
- Choose Local Computer
- Click Close
- Click OK
- Repeat steps 2-8, substituting 'My user account' in step 5 and skipping step 6
- Choose File | Save As ... and save the settings to an .MSC file
In the future you can skip these steps by double-clicking the MSC file or by choosing the MSC from the history under the File menu.
Export an Existing Certificate
Follow these steps to save a certificate to a file. The file can then be used to import the certificate to another machine.
To export an existing certificate:
- Start the MMC by following the steps above or by clicking the MSC file saved previously
- Locate the Certificate that you wish to export. Certificates are using installed under the Personal ("MY") store in either the Local Machine or Current User stores
- Right Click on the certificate and choose All Tasks | Export
- Click Next
- Check 'Yes, export the private key' (If it's grayed out, the certificate can't be moved to another machine)
- Click Next
- Leave the Default setting at "Enable Strong Protection"
- Click Next
- Choose a password and click next
- Save the PFX file using a filename
- Click Next and you should see the "Completing the Certificate Export Wizard" screen
- Click Finish and you are done
The file you just saved can now be moved to another machine.
Import a Certificate
Follow these steps to move a certificate from one machine to another.
To import an existing certificate:
- Start the MMC by following the steps above or by clicking the MSC file saved previously
- Choose the store that you want to import to (EXAMPLE: Local Computer -> Personal)
- Right Click on the store and choose All Tasks | Import
- Click Next
- Browse to the PFX file that was previously saved
- Click Next
- Enter the password. If you want to allow the certificate to be exported again, check 'Mark this key as exportable'
- Click Next
- Check 'Place all certificates in the following store'
- Click Browse
- Check 'Show physical stores'
- Choose 'Personal' to store to the Current User store or 'Personal -> Registry' to store to the Local Machine store
- Click OK
- Click Finish
The certificate is now usable. However, unless the CA is already trusted (which is the case for major Certificate providers), users will be notified that the certificate itself is not trusted. To resolve this, go to the Website of the Certificate Authority that originally issued the certificate to obtain the CA's root certificate.
Note about importing certificates: PowerTCP requires that a certificate be properly imported into a valid Microsoft Certificate Store. If a certificate was created from a non-MS source (such as OpenSSL) , please be sure to export the certificate properly before importing it into an MS Certificate store. Check the help for whatever SSL system you are using for more information.
See Also