How to correctly export a PFX to transfer to another Server

Version Affected:  All

Description:  
How to correctly export a PFX to transfer to another Server

Cause:  
Sometimes it is required to copy the Certificate IdP uses, across Servers
We will be concentrating on the Appliance Certificate, if a different Certificate is in question, the same steps apply if you are looking to export the PFX.

Resolution:  
1) Click on the Windows or Search Icon and type 'Certificates Console' then select the correct option
(If you see a warning pop up, click 'Yes')


2) Expand the 'Personal - Certificates' Tree and find the Certificate you are looking for, our example is the 'localhost' Appliance Certificate.
Right click that Certificate and choose 'All Tasks - Export...'


3) Click 'Next'
4) Select 'Yes, export the private key' and click 'Next'


5) On the following page, ensure the below options are selected
- Include all certificates in the certification path if possible
- Export all extended properties
- Enable certificate privacy
Then click 'Next'



6) On the following page, select the 'Password' checkbox (you are required to enter a password as you are exporting the Private Key)
Type a password in the upper field and repeat that password in the 'Confirm Password' field
Make this a secure password as this is a Private Key and needs to be kept safe. Be sure to use a Password which can be remembered or recovered, this will be needed when the Certificate is ingested/imported to any Certificate Store

Click 'Next'


7) On the following screen, click 'Browse', select a folder for the exported PFX to be saved to. Give it a name which makes sense in relation to what the Certificate is for (it can be called anything and makes no difference to the Certificate properties)
Click 'Save'
Click 'Next'

8) On the 'Completing the Certificate Export Wizard' page, have a look over the summary and click 'Finish'
9) Go to the folder you selected as the save location in step 7, you should find your exported PFX there



10) Copy the PFX to the target Appliance

If manually ingesting the PFX to another Appliance, ensure you select 'Local Machine' as the Target Certificate Store to import it to, also ensure you select the 'Mark this key as exportable. This will allow you to back up or transport your keys at a later time.' checkbox.

Special Considerations (optional as needed):  
- As this is your Private Key, it is strongly recommended to ensure this is kept safe at all times
- It is also recommended to ensure you have a strong password assigned to the PFX as you are exporting it, again this will help ensure the Private Key is kept as secure as possible
- Do not leave PFX files in unsecured locations, once they are ingested into a Certificate Store, we recommend they are deleted from the file structure.

SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.