ORC ECA Header Image
    Creating an Backup Copy (Exporting) of Your Enrollment Key Pair- MSIE 5.5 and higher

 
 

 

Print this page for reference.
View/Download these instructions as a .pdf file.

 
The Enrollment Key Pair is created when you make an on-line request for a certificate. There will be one Enrollment Key Pair for each certificate request that you have made. Your computer will look for this Enrollment Key Pair when you attempt import the issued certificate from the certificate server. This Enrollment Key Pair is NOT YET a certificate; it is, rather, the 'foundation' of the certifcate (i.e. - the Enrollment Key Pair will become the certificate). It has real value prior to your certificate being issued. (But after you have made a successful backup copy of your issued certificate, that file will be the preferred method of certificate backup and restoration.)

This procedure is recommeded for Subscribers that:
  • Have had certificates with a non-exportable Private Key
  • Anticipate a major change or upgrade to their computer, operating system, profile, domain, etc. before they will be able to import their issued certifate and make a backup copy of their certificet
  • Want to confirm that the Enrollment Key Pair for their certificate request is fully functional.

A successful backup of the Enrollment Key Pair will confirm:
  • that the Private Key for your furture certificate is fully functional
  • that you have set a password on your furture certificate's Private Key
  • that you and your computer agree on what that password is
  • that you have an 'insurance policy' for the success of the entire certificate procedure (The ECA Help Desk can solve nearly every problem if you have a backup copy of your certificate Enrollment Key Pair.)
 

1. Click on the "Start" button for your computer.

2. Select "Run" from the list.

3. Type in "mmc" and click the "OK" button.
 
Run the MMC
 

4. Select "Add/Remove Snap-in" under the main "Console" button for Win 2000 menu, or "File" button for Win XP menu.

Select Add/Remove Snap-in
 

5. Click the "Add" button.
 
Select Add/Remove Snap-in
 
6. Select "Certificates" in the pop-up window and click "Add".
 
Add the Certificate Snap-in
 

7. Ensure that "My User Account" is selected and click "Finish".

NOTE: If this dialogue box does not appear, go on to Step 8.
Add the Current User account
 

8. Click "Close" to close the "Add Standalone Snap-in" window.

9. Click "OK" to close the "Add/Remove Snap-in" window.
 

10. Click the plus sign to expand the"Certificates - Current User" entry.

11. Click the plus sign to expand the "Certificate Enrollment Requests" entry.
Add the Current User account
 

12. Select the "Certificates" folder under the "Certificate Enrollment Requests" entry.

NOTE: There should be two files named "caUserCert_keyPair" and "caEncryption_keyPair" if you have requested both certificates.
 
Select the Key-pair Entries
 

13. Right Click on the "caUserCert_keyPair" entry and select "All Tasks" then "Export...".

NOTE: It is at this point that if you have also requested an Encryption Certificate and you are following this same process for saving your Encryption Certificate Enrollment Key Pair, that you would need to right click on the "caEncryption_keyPair" entry and select "All Tasks" then Export...".
 
Select All Tasks then Export
 
14. Click "Next" in the "Certificate Export Wizard" pop-up window.
 
Click Next
 
15. Ensure that "Yes, Export the Private Key" is selected and click "Next".
NOTE: If you can not select Yes, Export the Private Key, STOP! The Private Key for this certificate Enrollment Key Pair has already been marked as non-exportable. That means that you will not be able to make a backup file of a certificate that might be issued against this Enrollment Key Pair. Contact the ECA Help Desk.
 
Export the Private Key
 

16. Make sure that "Personal Information Exchange" and "Enable Strong Protection" are selected.

17. Then click "Next" on the "Export File Format" screen.
 
Select the default format and click next
 

18. Enter a Password to protect the file being created.

NOTE: ORC Recommends that you use the same password here that you created when you requested the certificate.
 
Enter your password
 
19. Click "Browse" and select where you want to save the operational copy of your private key(s); Make sure that you are the only person with access to your private key copy.
 
Click the Browse.. button
 

20. ORC's recommended filename convention is "yourlastname_Enroll_ID" (Or "yourlastname_Enroll_EN" for an Encryption Certificate Enrollment Key Pair).
 
Enter filename
 

21. Click "Save".

22. Click "Next".
 
23. Click "Finish" to complete the saving of your private key.
 
Confirm the information and click finish
 

24. A pop-up window will ask for the password that you created when you requested your certificate. Enter the password.

25. Click "OK".
 
Enter your current password
 

26. Another window should appear stating, "The Export was Successful".

27. Click "OK" to close this window.
 
Click Ok
 
 
Encryption Certificate:
 
If you purchased an Encryption Certificate , please follow the instructions you used above for saving the Identity Certificate private key, but instead Right Click on the "caEncryption_keyPair" entry and select "All Tasks" then "Export...".
 
Start over with the Encryption Certificate
 

Return to Last Page    

 

 
 
É