Cisco Cisco Web Security Appliance S670 Troubleshooting Guide
How do I export and convert a pfx CA root
certificate and key from a Microsoft CA server
certificate and key from a Microsoft CA server
Document ID: 118339
Contributed by Cisco TAC Engineers.
Aug 22, 2014
Aug 22, 2014
This Knowledge Base article references software which is not maintained or supported by Cisco. The
information is provided as a courtesy for your convenience. For further assistance, please contact the software
vendor.
information is provided as a courtesy for your convenience. For further assistance, please contact the software
vendor.
The following are instructions to export a CA signing root certificate and key from a Microsoft CA server
2003. There are several steps in this process. It is crucial that each step is followed.
2003. There are several steps in this process. It is crucial that each step is followed.
Exporting the Certificate and private key from MS CA server
1. Go to 'Start' −> 'Run' −> MMC
2. Click on 'File' −> 'Add / Remove Snap−in'
3. Click the 'Add...' button
4. Select 'Certificates' then click 'Add'
5. Select 'Computer Account' −> 'Next' −> 'Local Computer' −> 'Finish'
6. click 'Close' −> 'OK'
The MMC is now loaded with the Certificates snap−in.
7. Expand Certificates −> and click on 'Personal' −> 'Certificates'
8. Right click the appropriate CA cert and choose 'All Tasks' −> 'Export'
The Certificate Export Wizard will launch
9. Click 'Next' −> Select 'Yes, Export the private key' −> 'Next'
10. Uncheck all of the options here. PKCS 12 should be the only option available. Click 'Next'
11. Give the private key a password of your choice
12. Give a filename to save as and click 'Next', then 'Finish'
You now have your CA signing certificate and root exported as a PKCS 12 (PFX) file.
Extracting the Public key (certificate)
You will need access to a computer running OpenSSL. Copy your PFX file over to this computer and run the
following command:
following command: