Your private and public certificates are saved on the computer from which
you enrolled in the PKI system. For the purposes of Web authentication, it is
possible to enroll more than once, but this can be confusing for other uses of
PKI, like encryption and digital signatures. In those cases, it is preferable
to use the same private and public certificates on multiple Web browsers and
computers. To move your PKI private certificate to another Web browser or
computer:
- Export the certificate to a file.
- Transfer the file.
- Then import the certificate into another configuration.
Because the applications of PKI rely on keeping your private certificate
"private," the process for doing this keeps the information encrypted as it is
being moved.
The Internet PKI standards define a format called PKCS #12 for transferring
private and public certificates. (A PKCS #7 file is used to transfer public
certificates only, not the private certificate.) PKCS #12 is
supported by Safari 2.0 or greater, Netscape,
Firefox, and Internet Explorer 5.5 or greater. On Windows,
the file type .pfx is a synonym for the .p12 file type used by
Netscape/Firefox. Some older versions of Windows need file extension
definitions to be added for ".p12".
A PKCS #12 file includes a password-encrypted envelope to protect the
private certificate. This password is used only for this file and has no
connection to the password used to secure your certificates in your Web browser
or operating system certificate storage. The password is created when you
create the .p12 export file and must be provided to decrypt the contents when
you import the file somewhere else. The certificate export and import functions
are usually part of the user interface provided to manage certificates in Web
browsers.
Be sure to transfer the binary file by a method that doesn't
mistakenly convert it to text. This mistake is easy to make, since the settings
in many programs default to "text" files. The file can be e-mailed as a binary
attachment, transferred as a binary file with FTP, or copied to and from a
removable or shared disk. A copy of your certificate on a removable disk can be
a useful backup if the hard disk on your computer fails.
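One way to confirm that a transferred .p12 file was not converted to text, as an added example that is not part of the original page: a PKCS #12 file is an ASN.1 structure whose outer header declares its own size, so a text-mode copy no longer matches it. The sample bytes are constructed (not a real certificate), the function names are hypothetical, and the check inspects only the outer structure without decrypting anything.

```python
import hashlib

def der_outer_length(data: bytes):
    """Total size declared by the outer ASN.1 SEQUENCE, or None if BER indefinite."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("does not start with an ASN.1 SEQUENCE (0x30)")
    first = data[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    if first == 0x80:                     # indefinite length: size not declared
        return None
    n = first & 0x7F                      # long form: next n bytes hold the length
    if len(data) < 2 + n:
        raise ValueError("truncated length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def check_p12(data: bytes, expected_sha256: str = "") -> list:
    """Return a list of problems; an empty list means no damage was detected."""
    try:
        declared = der_outer_length(data)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if declared is not None and declared != len(data):
        problems.append(f"declared length {declared} != file size {len(data)}")
    start = 2 if data[1] <= 0x80 else 2 + (data[1] & 0x7F)
    if data[start:start + 3] != b"\x02\x01\x03":   # PFX version INTEGER 3
        problems.append("PFX version field (INTEGER 3) not found")
    if expected_sha256 and hashlib.sha256(data).hexdigest() != expected_sha256:
        problems.append("SHA-256 differs from the exported file")
    return problems

# Constructed sample: outer SEQUENCE header + version 3 + filler bytes 0..199.
SAMPLE = b"\x30\x81\xcb" + b"\x02\x01\x03" + bytes(range(200))
SAMPLE_SHA256 = hashlib.sha256(SAMPLE).hexdigest()
# What a text-mode transfer does to it: every LF becomes CR LF.
TEXT_MODE_COPY = SAMPLE.replace(b"\n", b"\r\n")

if __name__ == "__main__":
    print("binary copy:", check_p12(SAMPLE, SAMPLE_SHA256))
    print("text-mode copy:", check_p12(TEXT_MODE_COPY, SAMPLE_SHA256))
```

Recording the SHA-256 of the export file before the transfer and comparing it afterwards catches any change; the length check also works when no digest was recorded.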
Exporting and Importing Certificates
Instructions for the most common browsers are provided on the Getting a Certificate Web page. Web browsers that support
personal PKI certificates will have similar features that should be easy to
find.
Moving Versus Copying Certificates
If you really need to move a certificate from one browser to another, import
it into the second browser, then delete it from the first browser. Or, you can
leave the original copy of the certificate in both browsers and use it from
either.