Import a certificate

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To import a certificate

1. Open the Certificates console for the user, computer, or service you want to manage.

   Tip

   For instructions on creating a Microsoft Management Console (MMC) that allows you to manage the certificates of a user account, computer account, or service account, see the appropriate article from the following list

• Manage certificates for your user account
  
  
• Manage certificates for a computer
  
  
• Manage certificates for a service
  
  
• For more information on the Certificates console and changing View Options, see Certificates Console (https://go.microsoft.com/fwlink/?LinkID=209851).
  
  

2. Select a certificate store for the certificate type you want to import. For example, you might select the Personal store under Certificates (Local Computer).

3. On the Action menu, point to All Tasks and then click Import to start the Certificate Import Wizard.

4. Type the file name containing the certificate to be imported. (You can also click Browse and navigate to the file.)

5. If it is a PKCS #12 file, do the following:

   • Type the password used to encrypt the private key.

   • (Optional) If you want to be able to use strong private key protection, select the Enable strong private key protection check box.

   • (Optional) If you want to back up or transport your keys at a later time, select the Mark key as exportable check box.

6. Do one of the following:

   • If the certificate should be automatically placed in a certificate store based on the type of certificate, click Automatically select the certificate store based on the type of certificate.

   • If you want to specify where the certificate is stored, select Place all certificates in the following store, click Browse, and choose the certificate store to use.

Note

To perform this procedure, the view mode must be organized by Logical Certificate Stores. For more information on the Certificates console and changing View Options, see Certificates Console (https://go.microsoft.com/fwlink/?LinkID=209851).

You should only import certificates obtained from trusted sources. Importing an altered or unreliable certificate could compromise the security of any system component that uses the imported certificate.

You can import a certificate into any logical store. In most cases, you will import certificates into the Personal store or the Trusted Root Certification Authorities store, depending on whether the certificate is intended for you or if it is a root CA certificate.

Enabling strong private key protection will ensure that you are prompted for a password every time the private key is used. This is useful if you want to make sure that the private key is not used without your knowledge.

To open the Certificate Import Wizard, you can open Windows Explorer. Then, in the cases of DER (.cer), Base-64 (.cer), and PKCS #7 (.p7b) files, right-click the file and click Install Certificate. In the case of a PKCS #12 (.pfx) file, right-click the file and click Install PFX.

To open Windows Explorer, click Start, point to All programs, point to Accessories, and then click Windows Explorer.

The file from which you import certificates will remain intact after you have completed importing the certificates. You can use Windows Explorer to delete the file if it is no longer needed.

Information about functional differences

• Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Importing and exporting certificates
Manage certificates for your user account
Manage certificates for a computer
Manage certificates for a service
Display certificate stores in Logical Store mode
Export a certificate
Move a certificate