As I continue to work with Exchange, I came to a point where I needed to export the private key from a certificate to complete a request with a 3rd party Certificate Authority.
I did some quick research for how to do an export of a private key from a Certificate Enrollment Request Certificate found in my local Exchange Server’s local computer certificate store.
I exported the certificate with the private key and all extended properties.
What I ended up doing was downloading Openssl for Windows, and installing it on my C: drive of my Exchange lab server.
Once installed I opened the Windows CLI and navigated into the directory.
I was able to successfully export the key by running a command similar to this one:
openssl pkcs12 -in myfile.pfx -nocerts -out private_key.pem -nodes
Since you must have a password to obtain the private key, I was prompted to enter the password associated with the certificate file.
After successfully entering the password I was able to find my .pem file which I opened with notepad and was able to copy and paste to the GUI of the 3rd party CA I wanted to use.