Hi there I just setup a shielded VM on my Windows 11 business edition and this is how I export and import the certificates using PowerShell:
# export Host Guardian service certificates with private keys and all the extended properties
$password = ConvertTo-SecureString -String "Pa$$WorD" -Force -AsPlainText
Get-ChildItem -Path "cert:\LocalMachine\Shielded VM Local Certificates\" | Export-PfxCertificate -FilePath "C:\Users\Admin\OneDrive\Desktop\HostGuardianServiceCerts.pfx" -Password $password -CryptoAlgorithmOption AES256_SHA256
# Import the certificate with private keys NOT exportable
Import-PfxCertificate -FilePath "C:\Users\Admin\OneDrive\Desktop\HostGuardianServiceCerts.pfx" -CertStoreLocation 'Cert:\LocalMachine\Shielded VM Local Certificates' -Password $password
Here is more info about the commands:
I think it's best if you first export the certificates with private keys and keep them in a safe place, then delete them from certificate store, import the certificates, without private keys, to both nodes of the cluster running Hyper-V.