Importing a Host Certificate to the Windows Certificate Store

 

To import a host certificate and private key into the Windows Certificate Store, it’s easiest if you have them packaged together in PKCS12 format (.pfx or .p12). OpenSSL can combine a separate certificate (hostcert.pem or hostcert.cer) and private key file (hostkey.pem) into PKCS12 format using the pkcs12 command:

 

openssl pkcs12 -export -out hostcert.p12 -in hostcert.pem -inkey hostkey.pem

 

Once you have your certificate in PKCS12 format (for example hostcert.p12), you can use the Microsoft Management Console (MMC) to import it into the Windows Certificate Store. To launch this tool, take the following steps:

1. Start Menu, click Run… and type mmc
2. In MMC, File->Add/Remove Snap-in… and click the Add button
3. Select Certificates from the list of snap-ins and click Add.
4. Host certificates should go in the Local Computer store so choose the Computer Account radio button. Click Next and then Finish.

 

Once adding the Certificate Snap-In, your MMC console should look something like this:

 

 

Right click on the Personal folder and choose All Tasks -> Import… to bring up the Certificate Import Wizard.

 

The Certificate Import Wizard will walk you through the process of selecting a certificate file (a PKCS12 file) and adding it to the store. For the certificate to work with GridFTP.NET, you MUST check the Mark this key as exportable checkbox in the wizard.