Exporting the Certificate and private key from MS CA server |
1. Go to 'Start' -> 'Run' -> MMC 2. Click on 'File' -> 'Add / Remove Snap-in' 3. Click the 'Add...' button 4. Select 'Certificates' then click 'Add' 5. Select 'Computer Account' -> 'Next' -> 'Local Computer' -> 'Finish' 6. click 'Close' -> 'OK' The MMC is now loaded with the Certificates snap-in. 7. Expand Certificates -> and click on 'Personal' -> 'Certificates' 8. Right click the appropriate CA cert and choose 'All Tasks' -> 'Export' The Certificate Export Wizard will launch 9. Click 'Next' -> Select 'Yes, Export the private key' -> 'Next' 10.Uncheck all of the options here. PKCS 12 should be the only option available. Click 'Next' 11. Give the private key a password of your choice 12. Give a filename to save as and click 'Next', then 'Finish' You now have your CA signing certificate and root exported as a PKCS 12 (PFX) file. |
Extracting the Public key (certificate) |
You will need access to a computer running OpenSSL. Copy your PFX file over to this computer and run the following command: openssl pkcs12 -in <filename.pfx> -clcerts -nokeys -out certificate.cer This creates the public key file named 'certificate.cer' |
Extracting and decrypting the Private key |
The WSA requires that the private key be unencrypted. Use the following OpenSSL commands: openssl pkcs12 -in <filename.pfx> -nocerts -out privatekey-encrypted.key You will be prompted for 'Enter Import Password'. This is the password created in step 11 above. You will also be prompted for 'Enter PEM pass phrase'. The is the encryption password (used below). This will create the encrypted private key file named 'privatekey-encrypted.key' To create a decrypted version of this key, use the following command: openssl rsa -in privatekey-encrypted.key -out private.key |