skip to Main Content

Export Let’s Encrypt certificate in Windows Server

In a previous article, we installed Let’s Encrypt in Exchange Server. Everything is working great on the Exchange Server and a secure connection is showing when accessing the OWA URL. What if you have more than one Exchange Server running in the organization? In this article, you will learn how to export Let’s Encrypt certificate in Windows Server step by step.

You like to export the Let’s Encrypt certificate private key and import it on the other Exchange Servers. You first need to import the private key. This way you will be able to export the Let’s Encrypt certificate in Windows. The next step is to export the certificate.

Let’s Encrypt SSL certificate is not exportable

It’s good to know what is happening if you don’t have the private key installed. Let’s see it in action.

Start MMC (Microsoft Management Console) and add the certificate snap-in. Right-click the Let’s Encrypt certificate and click All Tasks. Click Export

Lets Encrypt export certificate private key export option

The certificate export wizard is showing. Click Next.

Lets Encrypt export certificate private key welcome export wizard

The option we need is Yes, export the private key. We can’t select the option to export the private key because it’s greyed out. Click Cancel to go back.

Lets Encrypt export certificate private key not exportable

In the next step, we are going to import the private key. When imported, we will do the same step as we just did. This time we will be able to select the option to export the private key. More on that later in the article.

Find private key password in Win-ACME

Before we can import the private key on the system, we have to get the certificate password. The certificate password can be found in the Win-ACME client.

Go to the Win-ACME folder and start the Win-ACME client. Select A to manage renewals and press Enter.

Select D to show the renewal details and press Enter.

Find the certificate .pfx password and copy the password. In my example it’s n8LVJLxx2vQrC3QB2G7cn/mdeMK/RyGMBt8ECq8GYjs=.

Now that we have the password for the private key, we can import the certificate in the system.

Import private key in Windows

Open the following path to find the certificate.

Double-click the certificate to start the certificate import wizard.

Select Local Machine and click Next.

The file name path will be filled in automatically. Click Next.

Paste the private key password that you copied in the earlier step. Check both of the checkboxes:

  • Mark this key as exportable. This will allow you to back up or transport your keys at a later time.
  • Include all extended properties

Click Next.

Lets Encrypt export certificate private key password

Click Next to automatically select the certificate store based on the type of certificate.

Click Finish to complete the certificate import wizard.

Certificate import was successful. Click OK.

The next step is to export the Let”s Encrypt certificate. Remember at the beginning of the article, we couldn’t export the certificate because of the private key not being exportable. Will we be able to select the option now?

Export Let’s Encrypt certificate to PFX

Click the refresh button in the toolbar, if you already have the MMC console open. If you want, you can close the MMC and start a new session.

Start MMC and add the certificate snap-in. Right-click the Let’s Encrypt certificate and click All Tasks. Click Export

Click Next.

Export is this time selectable. Click Yes, export the private key and click Next.

Lets Encrypt export certificate private key export

Check the following checkboxes:

  • Include all certificates in the certification path if possible
  • Export all extended properties
  • Enable certificate privacy

Click Next.

Lets Encrypt export certificate private key export file format

Select the checkbox Password. Fill in a secure password that will protect the certificate. You will need the password when importing the certificate. Click Next.

Lets Encrypt export certificate private key security

Click Browse and select a folder that you want to place the certificate in. In my example, it will be in the folder Certs on the C: drive. Make sure to write the name including PFX format.

Click Finish to complete the certificate export wizard.

The certificate export was successful. Click OK.

Lets Encrypt export certificate private key finished succesful

Start File Explorer and browse to the exported certificate. This is the exported Let’s Encrypt certificate including the private key.

Lets Encrypt export certificate private key file explorer

Let’s Encrypt certificate private key is successfully exported in Windows Server. Now that you have the certificate you can import the certificate in another Exchange Server.

Conclusion

In this article, you learned how to export Let’s Encrypt certificate private key. It’s good to export the certificate and import the certificate on other  Exchange Servers. Find the password by starting the Win-ACME client. Install the private key with the password. After that, the certificate is exportable. You should not request a certificate per Exchange Server. One certificate can be installed on all the Exchange Servers.

I hope you enjoyed this article. You may also like Outlook search bar moved to top. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect and IT Consultant. His specialism is designing and building complex enterprise environments. He started Information Technology at a very young age, and his goal is to teach and inspire others. Connect with ALI TAJRAN on social media. Read more »

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top