With a digital certificate we will gain time, time that we can use to be more productive in our work, to be with our family, friends or whatever we want. But, once we have downloaded this certificate, do we know how to install it correctly or export it? Let’s see how to do all this for devices that have Windows as an operating system.
Digital certificates have greatly facilitated the lives of individuals and companies, avoiding long waits to complete an administrative procedure and accelerating the digital signature of documents.
In order to enjoy the benefits of using a digital certificate issued by a Certification Authority in Windows, we will need to know certain indications by which we can install it and / or create backup copies. We will describe them below.
Differences between installing and exporting a digital certificate
First of all we must clarify what each process consists of in order to get an idea of what it is that differentiates them.
It is very simple. When we are installing or importing a digital certificate, we are saving in the browser all the necessary computer files so that it works correctly. On the other hand, exporting a digital certificate usually implies making a backup copy of it. With this copy we can use it on another device, store it in another place, such as a pen drive, or install it in another browser.
Install a digital certificate in Windows
Previous considerations
Before starting with the proper installation of the digital certificate, we must ensure that the browser is ready to carry it out successfully.
We will start with the verification that we have the latest version and update it in case the answer is negative.
In addition, during the installation, we must not update the equipment, or change the browser or user, since we will be at risk that the system suspects that we are supplanting an identity and stop the process. It is also recommended to disable antivirus.
Installing a digital certificate in Windows
The first thing we will have to do is identify which certificate we want to install. These are easily identifiable; we will only have to pay attention to the file extension, which will be .pfx or .p12.
Once located, we double click and, automatically, Windows will show us a wizard for the installation of the certificate. We can also run the wizard directly using the following sequence: Start> Run and typing “certmgr.msc”.
The first thing this wizard will ask us is if we want the certificate to be available to the user who is currently logged in or to the entire team. For security reasons we recommend the first option.
Next we will have to specify the path in which the certificate is located, either by writing it or by clicking on “browse” and browsing through the different folders.
Once this is done, the Windows assistant will ask us to enter the password that protects that certificate. This password is usually provided when the digital certificate is downloaded from the certification authority’s website. If it is a certificate that has been imported, we must write the password we set when exporting it.
Several selectable options appear in the same window, we proceed to explain them:
- Enable secure private key protection. If we activate it, we will be notified each time the certificate is used. At the end of the installation we will be offered several security options in this regard, such as implementing a second password or simply sending said notification.
- Mark this key as exportable. It will allow making all the copies of the certificate that we want. This choice cannot be modified later.
- Include all extended properties. We leave it selected.
The next screen will show us where we want to store the certificate. In this case we will let Windows automatically choose where to do it, since if you try to do it manually and the chosen store does not correspond to the one that according to Windows should be, it will not allow performing the action.
Automatic storage will be done depending on the type of digital certificate. The available stores are:
- My certificates: here will go those that have private key.
- Other people: if you only have a public key.
- Trusted entities: if it is a root certificate, they usually have a .crt extension.
Finally, the assistant will present a final window where a summary will appear with the installation data. Once reviewed and verified that everything is correct, we will press the end button to have our digital certificate installed on the computer.
Export a digital certificate in Windows
Making a backup of our digital certificate is vital to avoid having to go through the process of getting a new one in case we lose it for any reason.
The steps to follow to export a digital certificate will depend on the Internet browser in which it is installed. Although these are very similar procedures, there are slight differences between them.
Export a digital certificate with Google Chrome
To export a certificate with Google Chrome we will have to click on “Customize and Control Google Chrome”, represented by 3 points in the upper right corner of the browser / Settings.
Let’s go to Settings> Advanced Settings> Privacy and Security> Manage Certificates. In the window that opens we select the certificate to export and press the “Export” button. Then a Windows wizard will open to export certificates.
Once in the wizard, the first thing we will have to do is decide if we want to export the private key, if it is exportable, or not. If we want to use the certificate on another device, we must do so.
Subsequently, the format must be selected:
- Personal Information Exchange Format: if the certificate has a private key, in this case we will have to write that password.
- Message Encryption Syntax Standard: if you want to export several certificates from one file from one computer to another.
- Binary DER format coded X.509: if the certificate is to be used in more than one operating system.
Finally, the certificate stores in a file created during the export. File that we will have to name and decide in which folder to locate it.
Export a digital certificate with Mozilla Firefox
To perform the export in Mozilla Firefox press the upper right button on which 3 horizontal lines are represented. Next we go to Options> Privacy & Security> Certificates> See certificates.
Select the certificate to export and click on “Make copy”. We name the file in which the certificate is to be saved, as well as its location. If the certificate consists of a private key, we will have to enter it.
Export a digital certificate in Internet Explorer
In the case of wanting to export a certificate that is in Internet Explorer we must go to Tools> Internet Options and, within that window, to the “Content” tab, click “Certificates” and go to the “Personal” tab.
From the list of certificates that will appear, we look for the one we want to export, click on it with the right mouse button and select “All Tasks”> “Export”.
At that time we will open the same assistant as in the case of Google Chrome. This is because the Google browser uses the Internet Explorer certificate store.
We hope that with this simple guide you will find it easier to install and export a digital certificate on Windows devices, regardless of the browser you usually use to perform administrative procedures.