Using a Windows environment to export the key
Perform the following steps if you are using a Windows environment to export the key:
- On the computer that has the certificate, launch MMC.exe and add the Certificates Snap-In for the certificate store that contains the certificate.
- Select the certificate and choose the option to export it.
- Follow the instructions in the Certificate Export wizard, selecting to export
the private key. Be sure to check these options:
- Include all certificates in the certification path if possible.
- Export all extended properties.
- Set a temporary password for encrypting the private key.
- Save the Personal Information Exchange (PFX) file and transfer it to the computer that is hosting the Security Token Service.
- On the computer that is hosting the Security Token Service, launch MMC.exe and add the Certificates Snap-In for the computer account of the local computer.
- In the Personal certificate store, import the saved certificate and enter the
temporary password.
- Do not mark the private key as exportable. This prevents the key from being copied from your computer.
- Select the Include all extended properties option.
Continue installing the Security Token Service.
Previous topic Issuing the token-signing certificate Next topic Installing the Security Token Service