(DC) [Windows] Back Up or Move Digital Certificate
When you export/download a digital certificate, you will receive both public and private keys. The public keys are the ones that you will use to sign and encrypt emails. The private keys are the ones that will be stored on your computer. You should never share the private key(s).
WARNING: If someone else has access to your private keys, they can impersonate you or read your encrypted emails.
Creating a backup copy
Your personal digital certificate will be stored in Stache. You can however elect to store it elsewhere. There are several options:
Burn the contents to a CDROM
Copy the files to portable media such as a Flash drive
Copy the files to UTBox, which is approved for the storage of sensitive information.
Regardless of which medium you wish to store your certificate and private key, remember to secure the medium.
Do not ask anyone else (such as desktop staff) to store or keep copies of your certificates. This is a security risk and not approved by ISO.
WARNING: If someone else has access to your private keys, they can impersonate you or read your encrypted emails.
Windows 7 / 8.1
Select Start (or press the Start icon) and search for certmgr.msc or Certificate Manager.
Find your certificate under "Personal - Certificates"
Right-click your certificate and select "All Tasks... - Export..."
In the Certificate Export Wizard window, click Next.
You will have the option to export your private key with the certificate (if available). Choose to export the private key if you are creating a backup or moving the files to another device where you want to sign/encrypt data.
Exporting w/o Private Key
If you chose not to export your private key, click Next and select the DER Encoded binary X.509 format, enter a file name, Click Next again.
Exporting w/ Private Key
If you choose to export you private key, click Next and select the Personal Information Exchange - PKCS #12 (.PFX) format. Choose the additional following options:
Select "Include all certificates in the certification path if possible"
Clear "Delete the private key if the export is successful" (this is not recommended)Click Next.
When prompted, create and enter a strong password and click Next.
Enter the name of the file you are exporting.
Choose the location and filename destination where you want to export your certificate and click Next.
Click Finish.
Windows 10 / 11
Select Start (or press the Start icon) and search for certlm.msc or Certificate Manager.
Find your certificate under "Personal - Certificates"
Right-click your certificate and select "All Tasks... - Export..."
In the Certificate Export Wizard window, click Next.
You will have the option to export your private key with the certificate (if available). Choose to export the private key if you are creating a backup or moving the files to another device where you want to sign/encrypt data.
Exporting w/o Private Key
If you chose not to export your private key, click Next and select the DER Encoded binary X.509 format, enter a file name, Click Next again.
Exporting w/ Private Key
If you choose to export you private key, click Next and select the Personal Information Exchange - PKCS #12 (.PFX) format. Choose the additional following options:
Select "Include all certificates in the certification path if possible"
Clear "Delete the private key if the export is successful" (this is not recommended)Click Next.
When prompted, create and enter a strong password and click Next.
Enter the name of the file you are exporting.
Choose the location and filename destination where you want to export your certificate and click Next.
Click Finish.