To create a backup copy of the certificate or use the certificate on another computer, first export the certificate and private key. Exporting the certificate places it in a file that can be transferred to another computer or stored in a safe place.
When exporting a certificate with its private key, always protect the certificate and private key with a strong password. Right-click the certificate to export, point to All Tasks, and then click Export. If available, choose Yes, export the private key; otherwise, click No, do not export the private key, then click Next. The latter option appears only if the private key is marked as exportable and the user has access to it. If the private key is being exported (step 4), type a strong password to use to encrypt the key, confirm the password, and then click Next.
Enter a name for the file and the location (include the entire path), or click Browse, navigate to the location, and then enter the file name. When a certificate is imported, its corresponding private key must be configured to allow access from SecureAuth IdP.
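The export steps above can also be scripted. The following PowerShell is an added example, not part of the original procedure; the thumbprint placeholder and the output path are assumptions to replace with your own values.

```powershell
# Added example: export one certificate and its private key to a
# password-protected PFX file. Placeholder values are marked below.
$thumbprint = '<THUMBPRINT-OF-CERTIFICATE-TO-EXPORT>'   # placeholder
$outFile    = 'C:\Backup\example-cert.pfx'              # hypothetical path

# Look the certificate up in the current user's Personal store.
$cert = Get-Item -Path "Cert:\CurrentUser\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key in this store."
}

# Prompt twice (type, then confirm) so the password never appears in the
# script, on the command line, or in shell history.
$pw      = Read-Host -AsSecureString -Prompt 'PFX password'
$confirm = Read-Host -AsSecureString -Prompt 'Confirm password'
$plain1  = [System.Net.NetworkCredential]::new('', $pw).Password
$plain2  = [System.Net.NetworkCredential]::new('', $confirm).Password
if ($plain1 -cne $plain2) { throw 'Passwords do not match.' }
Remove-Variable plain1, plain2

try {
    # The export fails if the key was not marked exportable when installed.
    Export-PfxCertificate -Cert $cert -FilePath $outFile -Password $pw -ErrorAction Stop | Out-Null
} catch {
    throw "Export failed (is the private key marked as exportable?): $_"
}

# Confirm the file was written; store it like any other secret.
Get-Item -Path $outFile | Select-Object FullName, Length
```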
Certificate Stores. For example, a common type of credential is the X. SetCertificate method. There are three different types of certificate stores that you can examine with the Microsoft Management Console (MMC) on Windows systems:
The following procedure demonstrates how to examine the stores on your local device to find an appropriate certificate: From the Available snap-ins list, choose Certificates, then select Add.
In the Certificates snap-in window, select Computer account, and then select Next. Optionally, you can select My user account for the current user or Service account for a particular service. For the rest of this article, certificates in a user or computer context will be informally called user certificates and computer certificates, respectively. If you intend for a certificate to be used by a single user, then a user certificate store inside the Windows certificate manager is ideal.
This is the common use case for certificate-based authentication processes such as wired IEEE If a certificate will be used by all users on a computer or a system process, it should be placed inside of a store in the computer context.
For example, if a certificate will be used on a web server to encrypt communication for all clients, placing a certificate in a store in the computer context would be ideal. This allows for certificates in a computer certificate store to be used by all users, depending on the permissions configured for the private key.
For more information on private keys, be sure to check out the article X. Below you can see a breakdown of where each type of store is located in the registry and file system. Throughout the rest of this article, you will find multiple examples showing interactions with Windows certificate stores. To replicate these examples, be sure you meet the following prerequisites. Since certificates can be managed a few different ways in Windows, which one do you choose?
First, consider the lifecycle of a certificate. If you only intend to install or remove a single certificate once, consider using the MMC. This initial view will provide an overview of all the logical stores displayed in the left window. You can see in the screenshot below the Trusted Root Certification Authorities logical store is selected. By default, the Windows certificate manager will not show the actual physical stores.
To show the stores, click on View and then on Options. You will then see options to choose to show physical certificate stores.
Enabling this option makes identifying the specific paths within Windows easier. You can now see additional containers are shown under the example Trusted Root Certification Authorities logical store shown previously. There are many attributes of a certificate you can see when viewing them with the MMC.
For example, you will likely want to select specific certificates. If the certificate was signed by a certificate authority (CA), it will have a serial number when issued. The Thumbprint is calculated every time the certificate is viewed. You can see some of the attributes for a certificate by opening it up in the MMC as you can see below.
One important feature to point out is embedded private keys. Certificates in Windows can also have a corresponding private key. These private keys are stored in corresponding physical stores as encrypted files. To quickly distinguish a certificate with and without a corresponding private key, look at the certificate icon. In the Windows certificate manager, if the icon simply looks like a piece of paper with a ribbon, there is no corresponding private key.
If a certificate does have a private key, you will see a key in the MMC icon, and you will see a key at the bottom of the General tab when you open the certificate. You can see an example output of this below. Another common store is the Personal store.
Your certificates for this store are located on the file system rather than the Registry. In the following commands we will show these different physical paths and their purposes. Each file in the directory, returned by the command below, corresponds to a certificate installed in the Personal current user store. If you want to move certificates between accounts, first export the certificate from one account and then import the certificate to the other account.
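The thumbprint, serial number and private-key attributes described above can also be read from PowerShell instead of the MMC. The following inventory script is an added example, not one of the original article's commands; it assumes the standard `Cert:` drive paths for the Personal stores of the current user and the local computer.

```powershell
# Added example: inventory the Personal stores in the user and computer
# context and show which certificates have a private key.
$stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'
$sha1   = [System.Security.Cryptography.SHA1]::Create()

$report = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        # The thumbprint is not a field stored inside the certificate: it is
        # the SHA-1 hash of the DER-encoded certificate, computed on demand.
        $computed = [System.BitConverter]::ToString($sha1.ComputeHash($_.RawData)) -replace '-', ''
        [pscustomobject]@{
            Store           = $store
            Subject         = $_.Subject
            SerialNumber    = $_.SerialNumber
            Thumbprint      = $_.Thumbprint
            ThumbprintMatch = ($computed -eq $_.Thumbprint)
            HasPrivateKey   = $_.HasPrivateKey
            NotAfter        = $_.NotAfter
            Expired         = ($_.NotAfter -lt (Get-Date))
        }
    }
}
$sha1.Dispose()

# Full inventory, oldest expiry first within each store.
$report | Sort-Object Store, NotAfter | Format-Table -AutoSize

# Expired certificates that still have a private key on disk are candidates
# for review before deletion (see the deletion caveat in this article).
$report | Where-Object { $_.HasPrivateKey -and $_.Expired } |
    Format-List Store, Subject, Thumbprint, NotAfter
```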
You should only delete a certificate that you know is no longer necessary. If you delete a certificate with a private key, then you will no longer be able to read encrypted data that uses that certificate.
Ensure that you no longer need the certificate that you delete, especially if it also has a private key.
How to Use the Certificates Console. You can use the Certificates console to perform the following tasks: view information about certificates, such as certificate contents and the certification path; import certificates into a certificate store; move certificates between certificate stores; and export certificates and, optionally, export private keys if key export is enabled.