Procedure to take a range of certificate files, in various states and formats, and export a single X509 certificate from it for use in the IDES Enrollment website.
This procedure can be used when a certificate contains more of the certificate chain than expected, such as a “Stacked PEM”, or when a user only has a .pk7b file or a similar file with extra information.
This procedure should work on Windows 8 and 7, and may have similar variations in other operating systems.
Preparation – Determine the type of file you are dealing with
· This will often be a three character piece at the end of the file name such as:
· If you cannot see the file extensions:
o Right-click on the file in question and choose “Properties”
o Look for “Type of file:” – this will show the file extension in parenthesis on the right
§ Example: “Type of file: CER File (.cer)” – in this case “(.cer)” is your file extension.
Option 1 – If you have a “.cer” or “.crt” file
1. Right-click this file and choose “Open”
2. You should see a certificate pop-up like this:
3. Click the “Details” tab of the pop-up, and look for the “Copy to File” button, which should look like this:
4. STOP and jump down to “Export Certificate Wizard” step below
Option 2 – If you have a .p7b file
1. Right-click on the file in question and choose “Open”
2. You will see a certificate management pop-up that looks like this:
b. Select the bottom-most certificate (highlighted above)
c. Go to “Action” (highlighted above) > “All Tasks” > “Export”
d. STOP and jump down to “Export Certificate Wizard” step below
Option 3 – If you have any other certificate file (.pem, .der), or if you had trouble with any Options above:
1. Go to "Start" menu > "Run"
2. In "Run" box, enter "mmc" and OK
a. Answer "Yes" if you are asked whether to allow program to make change to the computer
3. Go to "File" > "Add/remove snap-in"
4. Choose "Certificates" > "My user account"
5. Click OK in parent window
6. Expand "Console Root" > "Certificates - Current User" > "Personal" > "Certificates" and it will show a list which may or may not be blank.
7. Go to menu "Action" > "All Tasks" > "Import"
a. Wizard will start - walk through the steps to import the certificate that's not working
b. Browse and select the cert that's not working
c. Import to personal store
d. You should see it appear in the list of certs
8. STOP and jump down to “Export Certificate Wizard” step below
Export Certificate Wizard – Exporting your end certificate file
1. You will see the start of a “Certificate Export Wizard” (click “Next”)
2. Choose the export format. Choose either:
a. "DER encoded binary X.509 (.CER)"
b. "Base-64 encoded X.509 (.CER)"
3. Choose where to save the file you will export
4. Confirm your selections
5. The file you have exported should be the single end certificate, and should work on the enrollment site.