How to: Export and Import a Public Key Certificate 

This procedure supports the setup of the encryption examples. It exports a public key certificate from the My certificate store, without exporting the private key, and then imports that public key certificate into the AddressBook certificate store.

To set up the following examples, first follow the setup instructions in each example topic. Those instructions suggest using the procedure in this topic to place one or more of the generated public key certificates in the AddressBook certificate store.

To run the preceding examples on a single computer, the following is required:

  • The message recipient's public key certificate must be in both the AddressBook certificate store and the My certificate store

  • The message recipient's private key must be on that computer and associated with the public key certificate in the My certificate store

The examples first act as the sender of an encrypted message and later as the recipient of that same encrypted message. These two roles would usually be assumed by different entities that have unique public key credentials, often on different computers. When acting as the sender of an encrypted message, the examples require that the recipient's certificate be in the AddressBook certificate store. When acting as the recipient of an encrypted message, the examples require that the recipient's certificate be in the My certificate store, and that the corresponding private key be on that computer.

One of several ways to set up these examples is to use the Makecert.exe utility. The Certificate Creation Tool (Makecert.exe) is a convenient utility for generating test certificates. In a production environment, certificates are generated by a certification authority.

The following Makecert command generates the required public key certificate and the private key of an entity with the certificate subject name "Recipient1". The certificate is placed in the My certificate store.

Makecert -n "CN=Recipient1" -ss My

The following procedure shows how to set up the certificate stores to satisfy these requirements. First, the recipient's certificate and private key are generated, and the certificate is stored in the My certificate store. The certificate is then exported from the My store and imported into the AddressBook store.

To export the public key certificate from the My certificate store

  1. Open Internet Explorer.

  2. On the Tools menu, click Internet Options, and then click the Content tab.

  3. Click the Certificates button.

  4. On the Personal tab, select the certificate where "Recipient1" is listed under Issued To. (The Personal tab lists the certificates in the My certificate store.)

  5. Click Export. (This opens the export wizard.) Click Next.

  6. Click No, do not export the private key, and then click Next.

  7. Click Next to accept the default export format.

  8. Type or browse to a file name for the exported certificate, click Next, and then click Finish.

To import the certificate into the AddressBook certificate store

  1. In the Certificates dialog box, click the Other People tab. (The Other People tab lists certificates in the AddressBook certificate store.)

  2. Click Import, and then click Next.

  3. Type or browse to the location of the file name where the exported certificate was stored, and then click Next.

  4. Click Next to accept the placement of the imported certificate in the Other People certificate store. Click Finish, and then click OK.
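
The same export and import can be scripted and then checked. The following PowerShell is an added example, not part of the original topic; it assumes the Export-Certificate and Import-Certificate cmdlets of the Windows PKI module are available and uses a hypothetical file name under %TEMP%.

```powershell
# Added example: scripted equivalent of the two wizard procedures above.
# Assumes "CN=Recipient1" was created with the Makecert command shown earlier.
$ErrorActionPreference = 'Stop'

$subject = 'CN=Recipient1'
$cerPath = Join-Path $env:TEMP 'Recipient1.cer'   # hypothetical export file name

# Locate the recipient's certificate in the My (Personal) store.
$found = @(Get-ChildItem Cert:\CurrentUser\My |
           Where-Object { $_.Subject -eq $subject })
if ($found.Count -ne 1) {
    throw "Expected exactly one '$subject' certificate in My, found $($found.Count)."
}
$cert = $found[0]

# The recipient role requires the private key to be associated with the My copy.
if (-not $cert.HasPrivateKey) {
    throw "The My store copy of '$subject' has no associated private key."
}

# Export the certificate only. A .cer file holds the public key certificate
# and cannot carry the private key (same effect as "No, do not export the private key").
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Import the exported file into AddressBook (the Other People tab).
$imported = Import-Certificate -FilePath $cerPath `
                               -CertStoreLocation Cert:\CurrentUser\AddressBook

# Check 1: both stores now hold the same certificate.
if ($imported.Thumbprint -ne $cert.Thumbprint) {
    throw 'Imported certificate does not match the certificate in My.'
}

# Check 2: the AddressBook copy is public-only.
$copy = Get-Item "Cert:\CurrentUser\AddressBook\$($cert.Thumbprint)"
if ($copy.HasPrivateKey) {
    throw 'AddressBook copy unexpectedly has a private key association.'
}

# Summary of the resulting store layout.
foreach ($store in 'My', 'AddressBook') {
    $c = Get-Item "Cert:\CurrentUser\$store\$($cert.Thumbprint)"
    '{0,-12} {1}  HasPrivateKey={2}' -f $store, $c.Thumbprint, $c.HasPrivateKey
}
```

The summary should report HasPrivateKey=True for My and HasPrivateKey=False for AddressBook, which is the store layout the single-computer examples require.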

See Also

Tasks

How to: Envelope a Message for One Recipient
How to: Envelope a Message for Multiple Recipients

Concepts

How to: Sign and Envelop a Message

Other Resources

Supporting Tasks for Using System.Security.Cryptography.Pkcs