IDES Interactive Knowledge Base

Exporting a Single Certificate

Last Updated: Feb 24, 2015 10:21AM CST

Procedure to take a range of certificate files, in various states and formats, and export a single X509 certificate from it for use in the IDES Enrollment website. 

This procedure can be used when a certificate contains more of the certificate chain than expected, such as a “Stacked PEM”, or when a user only has a .pk7b file or a similar file with extra information.
This procedure should work on Windows 8 and 7, and may have similar variations in other operating systems.

Preparation – Determine the type of file you are dealing with
·         This will often be a three character piece at the end of the file name such as:
o   .txt
o   .crt
o   .cer
o   .der
o   .pem
o   .pkcs7
·         If you cannot see the file extensions:
o   Right-click on the file in question and choose “Properties”
o   Look for “Type of file:” – this will show the file extension in parenthesis on the right
§  Example: “Type of file: CER File (.cer)” – in this case “(.cer)” is your file extension.

Option 1 – If you have a “.cer” or “.crt” file
1.       Right-click this file and choose “Open”
2.       You should see a certificate pop-up like this:
a.       Certificate Procedure Screenshot 1
3.       Click the “Details” tab of the pop-up, and look for the “Copy to File” button, which should look like this:
a.       Certificate Procedure Screenshot 2
4.       STOP and jump down to “Export Certificate Wizard” step below

Option 2 – If you have a .p7b file
1.       Right-click on the file in question and choose “Open”
2.       You will see a certificate management pop-up that looks like this:
a.       Certificate Procedure Screenshot 3
b.      Select the bottom-most certificate (highlighted above)
c.       Go to “Action” (highlighted above) > “All Tasks” > “Export”
d.      STOP and jump down to “Export Certificate Wizard” step below

Option 3 – If you have any other certificate file (.pem, .der), or if you had trouble with any Options above:
1.       Go to "Start" menu > "Run"
2.       In "Run" box, enter "mmc" and OK
a.       Answer "Yes" if you are asked whether to allow program to make change to the computer
3.       Go to "File" > "Add/remove snap-in"
4.       Choose "Certificates" > "My user account"
5.       Click OK in parent window
6.       Expand "Console Root" > "Certificates - Current User" > "Personal" > "Certificates" and it will show a list which may or may not be blank.
7.       Go to menu "Action" > "All Tasks" > "Import"
a.       Wizard will start - walk through the steps to import the certificate that's not working
b.      Browse and select the cert that's not working
c.       Import to personal store
d.      You should see it appear in the list of certs
8.       STOP and jump down to “Export Certificate Wizard” step below

Export Certificate Wizard – Exporting your end certificate file
1.       You will see the start of a “Certificate Export Wizard” (click “Next”)
Certificate Procedure Screenshot 4

2.       Choose the export format.  Choose either:
a.       "DER encoded binary X.509 (.CER)"
b.      "Base-64 encoded X.509 (.CER)"

Certificate Procedure Screenshot 5
3.       Choose where to save the file you will export
Certificate Procedure Screenshot 6

4.       Confirm your selections
Certificate Procedure Screenshot 7

5.       The file you have exported should be the single end certificate, and should work on the enrollment site.
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found