Export and import certificates in various repositories

Programs using S/MIME certificates in Windows use the system certificate store on the system. On the other hand, Mozilla products use their own repository (each program separate). This guide describes how to export from one repository and import it into another.

The certificates used by the programs and the operating system are stored in the certificate store. These are divided into several groups:

  • Windows storage and OS in general
  • Apps from Mozilla
  • Linux, Unix

Certificates stored in the repository can be seen by the applications that use them. In MS Windows environment virtually all applications use system storage. The only exception is Mozilla Firefox and Thunderbird, which have their own storage (not shared by each application) and their own list of trusted root CAs.

If the S/MIME certificate is imported in Firefox, you can use it in this program. Outlook or Chrome won't see it and if you want to use it in these programs, so you need to export from the Firefox repository and import it into the system repository.

Export the S/MIME certificate from the Windows store

You can access the Windows certificate store through the MMC. Run it via Start (or Run -> MMC or certmgr). Then add Certificates module, confirm the default options and display the list of certificate folders.

Windows certificate store
Windows certificate store

The Personal folder contains personal certificates intended for S/MIME and electronic signature or for authentication. You'll see DigiCert S/MIME certificate in this folder, if collected with Internet Explorer.

Right-click on a particular certificate to see the Export option. This will bring up the Certificate Export Wizard.

Export the certificate from MMC
Export the certificate from MMC

You will be asked to confirm several options in the export wizard.

Be sure to select the option to export the private key (WITHOUT deleting it) at the beginning of the wizard. Otherwise, the export will be incomplete.

Export the private key as well
Export the private key as well

In one of the last steps you choose the password to save the certificate in PFX. This password will protect the private key against abuse and should not be easy!

Choose a password for the PFX
Choose a password for the PFX
¨

S/MIME certificate export from Firefoxu or Thunderbird

The procedure for exporting a certificate from Firefox or Thunderbird is different because they do not use Windows system storage and each program has its own separate repository.

Open the Settings (Preferences) and Certificate Manager dialog. It shows in several tabs lists of certificates by type. In personal certificates you can see an overview of S/MIME certificates in the store.

Click the Backup button to export the certificate for backup. The export is saved in PKCS12 format, which is a PFX file. You can keep it safe as a backup (for example, in case you reinstall your computer) or use it for importing to another computer or another program (Outlook).

Certficate manager in Firefox/Thunderbird
Certficate manager in Firefox/Thunderbird

Import the S/MIME certificate into the repository

In the previous paragraphs you can see the exact procedure for exporting S/MIME certificates from the repositories. Importing is the same, just the reverse operation.

In Windows cert store right-click anywhere in the personal certificate store and select All Tasks -> Import. You will be prompted to import a PFX certificate (PKCS12).

Certificate import in Windows
Certificate import in Windows

V úložišti Mozilly (Firefox, Thunderbird) najděte nastavení aplikace a tam úložiště certifikátu. Ve Firefoxu je například (v době psaní článku) v Předvolby -> Soukromí a zabezpečení dole oddíl Certifikáty a tlačítko Zobrazit certifikáty.

In the Mozilla repository (Firefox, Thunderbird) , find the application settings and the certificate repository is there. For example, in Firefox (at the time of writing an article) in Preferences -> Privacy & Security, there is a Certificates section and a View Certificates button.

Certificate import in Firefoxu
Certificate import in Firefoxu

You will then see the certificate manager and the individual tabs contain the certificates according to their purpose. For example, S/MIME certificates are in the Personal category.

Certificate import to Firefoxu
Certificate import to Firefoxu

Click Import to import the certificate. After a successful import, its details can be seen in the relevant section.

Please feel free to contact our customer support, who will help you with any problem.