Mks IT ramblings: To export the private key of a token-signing certificate

Thursday, November 24, 2011

To export the private key of a token-signing certificate

http://technet.microsoft.com/en-us/library/cc784075(WS.10).aspx

Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
Right-click Federation Service, and then click Properties.
On the General tab, click View.
In the Certificate dialog box, click the Details tab.
On the Details tab, click Copy to File.
On the Welcome to the Certificate Export Wizard page, click Next.
On the Export Private Key page, select Yes, export the private key, and then click Next.
On the Export File Format page, select Personal Information Exchange = PKCS #12 (.PFX), and then click Next.
On the Password page, type and confirm the password that is required to share the token-signing certificate. You will need this password when you select the exported token-signing certificate when installing the Federation Service.
On the File to Export page, specify the certificate file, and then click Next.
On the Completing the Certificate Export Wizard page, click Finish.

To export the public key portion of a token-signing certificate
http://technet.microsoft.com/en-us/library/cc737522(WS.10).aspx

Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
Right-click Federation Service, and then click Properties.
On the General tab, under Token-signing certificate, click View.
In the Certificate dialog box, click the Details tab.
On the Details tab, click Copy to File.
On the Welcome to the Certificate Export Wizard page, click Next.
On the Export Private Key page, make sure that No, do not export the private key is selected, and then click Next.
On the Export File Format page, select DER encoded binary X.509 (.CER), and then click Next.
On the File to Export page, specify the certificate file in File name, and then click Next.

Search This Blog