Scribd
Upload
9 views17 pages

How To Export A Private Key File From A Windows Machine - The Sec Master

Uploaded by

rahul.17.rathore
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
9 views17 pages

How To Export A Private Key File From A Windows Machine - The Sec Master

Uploaded by

rahul.17.rathore
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 17

7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine?

- The Sec Master

Home | Blog | How To Export A Private Key F…

How To Export A Private Key File From A Windows


Machine?

It is easy to locate and export a private key file on non-windows platforms. Both
public and private keys will be created and saved in a separate file in .key or .pem
extensions on non-windows platforms. However, Windows doesn’t store the private
key in a separate file to view as a text file. you can’t export the private key alone. If
you need to export the private key from either MMC or IIS, you should export the
certificate in .pfx (PKCS#12) file format along with the private key. If this is the case,
you may ask it is not possible to export a private key file on the Windows platform.

https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 1/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

To answer this question, there is no direct way. However, there is a way. Let’s see
how to export a private key file from a Windows machine.

Table of Contents
1. Procedure To Export A Private Key File From Windows:
2. Frequently Asked Questions:

Procedure To Export A Private Key File From Windows:


We have broken down the procedure into four sections to make it simple to
understand.

Note: We have covered right from the beginning from creating a CSR to export the
private key for those who need help in getting a certificate. If you have the
certificate in your hand or it’s deployed on your Windows server, then you can skip
the first three steps. You can start directly from the fourth step.

1. Create CSR.

2. Submit the CSR to a CA and get the Certificate.

3. Import the Certificate on your Windows machine.

4. Export the Certificate in PFX format.

5. Install OpenSSL on your Windows machine.

6. Export the private key file from the PFX certificate.

Time needed: 15 minutes.

How To Export a Private Key File from a Windows Machine?

1. Create a CSR

1. Open MMC console:


Win + R > mmc > Ok > File > Add/Remove Snap-in > Certificates > Add >
Computer account > local computer > Finish > Ok.
https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 2/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

2. Create a CSR file:


right-click the Personal folder > All Tasks > Advanced Operations > Create
Custom Request > Next > Proceed without enrollment policy > Click Next >
PKCS # 10 > Next > Details > Properties.

3. Add CSR contents:


Subject tab > Fill Subject name

Common Name (CN) = Host or domain name


DNS (SAN) =
Organization (O) =
Organizational Unit (OU) =
City/Locality (L) =
State/County/Region (S) =
Country (C) =
Email Address =

Private Key tab > Key options > select Key size: 2048 > Ok

4. Save the CSR file:


Select Base 64 and Click Next > Click Browse.

Please visit this post to see how to create a CSR on a Windows machine.

https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 3/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

2. Submit the CSR to a CA and get the Certificate


Submit the CSR to your Certificate Authority (CA) or you can also submit it to
third party CA to sign the certificate.

If you have Microsoft’s ADCS CA service and want to sign the CSR with your
internal CA. Please read how to submit and download the certificate from ADCS.

https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 4/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

3. Import the Certificate on your Windows machine


After CA has issued the certificate. You should download that and import it along
with the chain certificates.
Note: If you don’t have the chain certificates imported to trusted stores, please
import chain certificates (intermediate & root CA certificates) on your machine.

Right Click on the Certificate > Install Certificate > Next > Automatically select
the certificate store > Finish > Ok

4. Export the certificate in PFX format


This is the place where the export of the private key happens. Windows doesn’t
store the private key in a separate file. you can’t export the private key alone. If
you need to export the private key from either MMC or IIS, you should export the
certificate in .pfx (PKCS#12) file format along with the private key.

1. Open MMC console:


Win + R > mmc > Ok > File > Add/Remove Snap-in > Certificates > Add >

https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 5/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

Computer account > local computer > Finish > Ok.

2. Export the certificate in PFX:


Right Click on the Certificate > All Tasks -> Export > Next > yes, export the
private key > Next > Personal INformation Exchange – PKCS # 12 (PFX) >
Include all certificate in the path > Next > Passwords > Browse > Finish.

5. Install OpenSSL on your Windows machine.


OpenSSL is a powerful full cross-platform open-source utility used in various
digital certificate activities. The installation procedure is very simple and straight.
Read this post to know how to install OpenSSL on the Windows machine.

https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 6/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

1. Download the OpenSSL installer from the official OpenSSL download link:
https://slproweb.com/products/Win32OpenSSL.html

2. Run the installer to complete the installation.

3. Add OPENSSL_CONF and Path environment variable on System Properties:

6. Export the private key file from the PFX certificate.

Run this command to extract the private key from PFX file:
> openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key]

Run this command to extract the certificate from PFX file:


> openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt]

Run this command to decrypt the private key:


> openssl rsa -in [drlive.key] -out [drlive-decrypted.key]

https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 7/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

See Also How to Patch the 5 New Vulnerabilities in VMware Workspace ONE Assist

In this way you can export a private key file from the Windows machine.

Thanks for reading this post. Please let us know if you want to know more about
this. We recommend to read the below post to know in detail.

Step by Step Procedure to Convert a CER Certificate to PFX Without the Private
Key

How to Set Up a Certificate Authority on Ubuntu using OpenSSL?

How to Create a Certificate Signing Request on a Linux Server?

Step-By-Step Procedure to Install OpenSSL on The Windows Platform

How to Download and Import Trusted Root CA Certificates from Internal


Certificate Authority Server?

https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 8/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

Step-By-Step Procedure Step-By-Step Procedure Step by Step Procedure


to Export a Certificates to Export a Certificate to Convert a CER
With a Private Key From With a Private Key From Certificate to PFX
a Windows Server the IIS Console Without the Private Key

How to Export a Step-By-Step Procedure The Most Useful


Certificate From To Install OpenSSL On OpenSSL Commands to
PowerShell? The Windows Platform Work With SSL
Certificates

Frequently Asked Questions:


1. What is a private key file?
A private key file is a cryptographic key that is used to decrypt data encrypted with
the corresponding public key. Private keys should be kept secure and confidential, as
unauthorized access to a private key file can lead to unauthorized access to
encrypted data or the ability to forge digital signatures.
2. Why would I need to export a private key file from a Windows machine?
You might need to export a private key file from a Windows machine if you need to
transfer the key to another device or if you want to create a backup of the key. This
can be useful for migrating security credentials or transferring encrypted data
between devices.
3. How can I export a private key file from a Windows machine?

https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 9/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

To export a private key file from a Windows machine, you can use the Microsoft
Management Console (MMC) with the Certificates snap-in. Follow these steps:

1. Press “Windows Key + R” and type “mmc” in the Run dialog box. Press “Enter” to
open the Microsoft Management Console.
2. Click “File” > “Add/Remove Snap-in” in the MMC.
3. Select “Certificates” from the list of available snap-ins and click “Add.”
4. Choose “My user account” or “Computer account,” depending on the location of
the certificate you want to export, and click “Finish.”
5. Click “OK” to close the Add/Remove Snap-in dialog box.
6. In the MMC, expand the “Certificates” node to locate the certificate containing the
private key you want to export.
7. Right-click the certificate, select “All Tasks,” and then click “Export.”
8. Follow the Certificate Export Wizard prompts, and make sure to select “Yes,
export the private key” when prompted.
9. Choose the desired export format (usually Personal Information Exchange – PKCS
#12 (.PFX)) and set a password to protect the exported file.
10. Specify a file name and location for the exported private key file, and click
“Finish.”
4. Can I export a private key file using command-line tools?
Yes, you can use the “certutil” command-line tool to export a private key file from a
Windows machine. You will need to provide the appropriate command options and
arguments, including the thumbprint of the certificate you want to export and the
desired export format.

See Also How To Prevent Your Apple Device From DoorLock Vulnerability?

5. Are there any third-party tools available for exporting private key files?
Yes, there are third-party tools available for exporting private key files from a
Windows machine. Some popular tools include OpenSSL and KeyStore Explorer.
https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 10/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

These tools can provide additional options and flexibility when exporting private
keys compared to the built-in Windows tools.
6. How can I ensure the security of the exported private key file?
To ensure the security of the exported private key file:

1. Protect the exported file with a strong password.


2. Store the exported file in a secure location, such as an encrypted USB drive or a
secure cloud storage service.
3. Limit access to the exported file to authorized individuals only.
4. Delete the exported file from the Windows machine once it is no longer needed.
7. What file format is used for exporting private key files?
Private key files are usually exported in the Personal Information Exchange (PKCS
#12) format with a .pfx or .p12 file extension. This format is widely supported by
various operating systems and applications and can store both the private key and
the corresponding public key certificate.

Keep Reading:

https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 11/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

Step-By-Step Procedure to Export a Certificates…

Step by Step Procedure to Convert a CER…

The Most Useful OpenSSL Commands to Work With SSL…

Step By Step Procedure To Configure IIS On The…

https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 12/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

Step-By-Step Procedure To Install An SSL…

How To Download And Import Trusted Root CA…

https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 13/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of


Ty p e h e r e . . .
“thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor,
Author at TheSecMaster. To know more about me. Follow me on LinkedIn

LEAVE A REPLY

Your email address will not be published. Required fields are marked

Comment

Name *

https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 14/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

Email *

Website

Post Comment

https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 15/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

Recent Posts

How to Fix CVE-2023-2982- An Authentication Bypass Vulnerability


in miniOrange WordPress Plugin?
Read More

7 Best E-books to Learn Computer Programming: Unleash Your


Coding Potential
Read More
Learn Something New with Free Email subscription
Email is also one of the ways to be in touch with us. Our free subscription plan offers you to
receive post updates straight to your inbox.

Email

Sign Up

How to Detect Unauthorized Access on Windows Machines?


Read More
https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 16/17
7/1/23, 10:59 AM How To Export A Private Key File From A Windows Machine? - The Sec Master

C AT E G O R I E S ABOUT

Best Reads About Us


Follow us
Tutorials Get in Touch
Threats & Vulnerabilities Privacy Policy
Cyber Security Terms & Conditions
Cloud & OS Platform Cookie Policy
Programming & Scripting Disclaimer
Futuristic Technologies
Web Stories
What Is a Phishing Assessment? A Step-By-Step Guide to Install the
Phishing
C O N TA C T Assessment Tool ‘Gophish’F O L L O W
Facebook
[email protected]
Read More
LinkedIn
[email protected]
Twitter
[email protected]
Telegram
+91 9980509911
Medium
+91 9945994040
Instagram
+91 8317311539
Tumblr
WEBSITES

TheCrypticWorld

Where to Report Cybercrime in


Copyright the
2023 United
, all rights reserved. States?
Read More
Privacy & Cookies Policy

What Is Windows Sysinternals? How to Get the Sysinternals Suite?


Read More

https://thesecmaster.com/how-to-export-a-private-key-file-from-a-windows-machine/ 17/17

You might also like