How to export your TLS certificate as a PFX backup file from a Windows server using MMC.
To Export a Server Certificate
- In the Run dialog box, type mmc, and then click OK. The Microsoft Management Console (MMC) appears.
- If you do not have Certificate Manager installed in the MMC, you'll need to install it.
- On the File menu, click Add/Remove Snap In
- Click Add and then Select Certificates from the Available Standalone Snap-ins dialog box and click Add
- Select Computer Account and then Local Computer
- The Certificate Manager MMC has been installed
- In the console tree in the left-hand pane expand the Certificates (Local Computer) node, and then the Personal node. Note that to view certificates in the local machine store, you must be in the Administrator role.
- Right-click the certificate you want to export, click All Tasks, and click Export to start the Certificate Export Wizard.
- Click Next.
- On Export Private Key, click Yes to export the private key.
Important: You must export the private key along with your certificate for it to be valid on your target server. Otherwise, you will have to request a new certificate for the target server.
- In the Export File Format dialog box, click the format you want for the certificate. If the certificate has already been formatted, that format is selected as the default (should be .pfx). Click Next.
Do not select Delete the private key if export is successful, because this will disable the TLS site that corresponds to that private key.
Select the "include all certificates in the certification path if possible" checkbox.
- Continue to follow steps in the wizard, and enter a password for the certificate backup file when prompted. Using a strong password is highly recommended because it ensures that the private key is well protected.
- Type the name of the file you want to export, or click Browse to search for the file. Click Next.
- Click Finish to complete the Certificate Export Wizard.