Back up an EFS certificate with the private key

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To back up an EFS certificate with the private key

  • To back up the EFS certificate currently in use

  • To back up any EFS certificate

To back up the EFS certificate currently in use

  1. Open Certificate Export Wizard.

  2. In the Certificate Export Wizard, click Next, and then click Yes, export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)

  3. Under Export File Format, ensure that the Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above) check box is selected, and then click Next.

  4. In Password, type a password to encrypt the private key you are exporting. In Confirm password, type the same password again, and then click Next.

  5. In File name, type a file name and path for the PKCS #12 file that will store the exported certificate and private key, click Next, and then click Finish.

To back up any EFS certificate

  1. Open Certificates - Current User.

  2. In the console tree, click Certificates.

    Where?

    • Certificates - Current User/Personal/Certificates

  3. In the details pane, click the certificate that has Encrypting File System listed in the Intended Purposes column.

  4. On the Action menu, point to All Tasks, and then click Export.

  5. In the Certificate Export Wizard, click Next, and then click Yes, export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)

  6. Under Export File Format, ensure that the Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above) check box is selected, and then click Next.

  7. In Password, type a password to encrypt the private key you are exporting. In Confirm password, type the same password again, and then click Next.

  8. In File name, type a file name and path for the PKCS #12 file that will store the exported certificate and private key, click Next, and then click Finish.

Notes

  • To open Certificates, click Start, click Run, type certmgr.msc, and then click OK.

  • If more than one certificate has an intended purpose of Encrypting File System, each certificate should be backed up individually. This will help to ensure that all encrypted files can be accessed when necessary.

  • Strong protection (also known as iteration count) is enabled by default in the Certificate Export Wizard when you export a certificate with its associated private key.

    Strong protection is not compatible with older programs, so you must clear the Enable strong protection check box if you are going to use the private key with any browser earlier than Microsoft Internet Explorer 5.0.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Display certificate stores in Logical Store mode
Import a certificate