Exporting a Certificate from Internet Explorer

Restriction: This topic applies only when the Enterprise Server feature is enabled.

To export a certificate from Internet Explorer in the appropriate format, ready for importing into Firefox:

  1. In Internet Explorer, click Tools > Internet options.
  2. Click the Content tab, and then double-click Certificates.

    This opens the Certificates dialog box.

  3. Click the Trusted Root Certification Authorities tab and find the certificates marked VeriSign. There are several notable features of these certificates:
    1. There are multiple certificates and each one is unique.
    2. These different types of certificates are used to confirm the trust of different types of identification certificates.
    3. Some of these certificates have passed their expiry date. However, they are still valid and should be present to prove the trust path for certificates that were signed during their working life span.
    4. Some of these certificates are direct replacements for expired or about-to-expire certificates.
    5. The life of the replacement certificates is typically far longer than that of the original certificates. Replacing certificates is problematic as it involves a significant amount of manual work and therefore distribution that is not often undertaken. To avoid the distribution complication it is in the interest of all identification certificate users to use certificates with a long life.
  4. Select a certificate and click Export.
  5. In Certificate Export Wizard, click Next.
  6. Choose the format required by your target browser. If you do not know the format required, you can generate a few of the most common formats and save them to different files, so that the correct format is available.

    Select DER encoded binary X.509 and click Next.

  7. Specify the %ProgramFiles%\Micro Focus\DemoCA\Verisign (Windows) or /opt/microfocus/DemoCA/Verisign (UNIX) as the name of the file to export to and click Next.
  8. On the final screen notice:
    • Export Keys is always "No” when handling CA root certificates.
    • Include all certificates in the certification path is always “No” when using file formats that cannot support multiple certificates. When using a server certificate signed by an intermediate CA you would usually export the complete chain of trust back to the fully trusted CARoot. In this case we would have chosen a different format at step 6.
    • File Format should match the filename extension in most cases,. Although there are times when various subformats such as .p7b and .p7c are interchanged to aid portability of the generated output file.
  9. Click Finish > OK and the file appears in the chosen directory.
  10. Close all the open Internet Explorers dialog boxes.