How to Generate a .pfx Certificate Using a Certification Authority (CA)

KB 1008: How to Generate a .pfx Certificate Using a Certification Authority (CA)

This article explains how to generate a certificate in .pfx format using a Certification Authority.

Creating Certificate Template

We need a certificate whose private key is exportable. To create the template on the CA, follow the steps below:

  1. Connect to the CA server.
  2. Open Server Manager > Tools > Certification Authority.
  3. Right click on Certificate Templates and then click on Manage.
  4. Scroll down until you see the Web Server certificate template. Right click on it and select Duplicate Template.
  5. Click on the General tab and name the template, for example SVM Appliance Cert.
  6. Click on Request Handling and make sure you select Allow private key to be exported.
  7. Click on Cryptography and change Minimum key size to 2048.
  8. Click on the Security tab and add the server from which you will generate the request, then click on that server and make sure Enroll is checked.
  9. Click OK and close the Certificate Templates Console.
  10. Right click on Certificate Templates and click on New > Certificate Template to Issue.
  11. Choose the certificate template you just created and click OK.

Creating Certificate 

Once the above is done, you are ready to generate the certificate.

  1. Log in to the server which you added in the Security tab of the certificate template.
  2. Press Windows + R on the keyboard to open the Run window.
  3. Type mmc and click OK.
  4. Click File > Add/Remove Snap-in...
  5. Click on Certificates and then click on Add. Select Computer account and click Next, followed by Finish at the next window, Select Computer.
  6. Click OK on the Add or Remove Snap-ins window.
  7. Expand Certificates > Personal > Certificates.
  8. Click on More Actions > All Tasks > Request New Certificate...
  9. At the Certificate Enrollment window click Next, followed by another Next.
  10. At Certificate Enrollment :: Request Certificates, select the created template and click on More information is required to enroll for this certificate...
  11. Open the Type drop-down and select Common name. Type in the value (it should be the FQDN of your SVM Server) and click on Add. The value should move to the right pane.
  12. In the same way, add Country, Email, Organization, Organization unit and Locality. Once done, click on OK. You will notice that the More information is required to enroll for this certificate... link disappears.
  13. Click on Enroll followed by Finish.

Exporting .pfx File 

  1. Under Certificates > Personal, your new certificate has been created.
  2. Right click on that certificate and go to All Tasks > Export.
  3. Click on Next in the Certificate Export Wizard window.
  4. Click on Yes, export the private key and click Next, followed by Next at the next window without changing any value.
  5. Check Password and type in the password for this certificate (you will need this later whenever you use this private key) and click Next.
  6. Browse to the location where you want to save the file, type in the File name and click Save.

If you would like to import a public key (.CER) format certificate, choose No, do not export the private key at step 4.
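
The enrollment and export steps above can also be run from an elevated PowerShell prompt on the enrolling server. This is an added example, not part of the original article. The template name, FQDN, subject fields and output path are placeholders or assumptions: the template name is assumed to be the display name without spaces, and the output folder is assumed to exist.

```powershell
# Added example. Placeholder/assumed values, not taken from the article:
$TemplateName = 'SVMApplianceCert'           # assumed template name (display name minus spaces)
$Fqdn         = 'svm.example.com'            # placeholder FQDN of the SVM server
$PfxPath      = 'C:\Temp\svm-appliance.pfx'  # placeholder output path (folder must exist)
$Subject      = "CN=$Fqdn, OU=IT, O=Example Org, L=Example City, C=US, E=admin@example.com"

# Enroll into the computer's Personal store (Certificates > Personal). Run elevated.
$result = Get-Certificate -Template $TemplateName -SubjectName $Subject `
    -CertStoreLocation 'Cert:\LocalMachine\My'
if ($result.Status -ne 'Issued') {
    throw "Enrollment did not complete, status: $($result.Status)"
}
$cert = $result.Certificate

# Check what the template was meant to guarantee before exporting.
if (-not $cert.HasPrivateKey) { throw 'No private key is associated with this certificate.' }
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
if ($null -eq $rsa -or $rsa.KeySize -lt 2048) { throw 'Key is not RSA with at least 2048 bits.' }

# Prompt for the PFX password so it never lands in the script or command history.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $password | Out-Null

# The PFX holds the private key: drop inherited ACLs, allow only Administrators and SYSTEM.
icacls $PfxPath /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null

# Re-open the file with the same password to confirm it is readable and holds the right cert.
$pfx = Get-PfxData -FilePath $PfxPath -Password $password
$pfx.EndEntityCertificates | Select-Object Subject, Thumbprint, NotAfter
```

Once the .pfx has been imported on the target system, delete the exported file or move it to protected storage, since anyone with the file and its password holds the server's private key.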

Author:  Fawad Laiq