Certificate management under Windows

Certificates enable you to communicate in encrypted form or to identify yourself (authenticate). Among other things, certificates come in the form of a file with the file extension crt, cert, pem, pf7, p12, pfx, der, p7b or p7c.

In this example, a p12 and a crt file are considered.

The p12 files (or pfx files) can be used to restrict access to a web server via the https protocol. In the example they contain the "badge" to authenticate with the web server. This certificate is encrypted with a password. It corresponds to an "access card" to a protected area.

Furthermore, the figure above shows a "crt-file" that provides the public part of the certificate to the issuing "certificate authority" (or "CA" for short). This certificate is not encrypted and can be
Personal certificate for authentication in the https protocol

You will receive such a file in the rules from the service provider by mail or as a download.

Save the file on your computer (e.g. in the "Downloads" folder) or open the file directly from the mail client attachment (Outlook in the example above).

If you have previously saved the file, open it by double-clicking on the file.

The certificate import wizard opens.

Certificates can be made available to anyone who logs on to this computer, then they belong in the certificate store "Local Computer" or just "Current User", i.e. the person who has just logged on to the computer.

Select "Current User" as "Certificate Store" and click "Next".

The file name (in the example a temporary folder, because I opened the attachment from Outlook) is shown above. Click on "Next".

You will be asked for the password that was used to encrypt the certificate. The password is also provided by the service provider that sent you the certificate.

Enter the password and click "Next".

If the password is correct, you will be asked for the certificate store where the certificate should be stored.

{xtypo_info}The default is "Select certificate store automatically (based on the certificate type)", which is usually OK, but the certificate from the example will be found later in the certificate store "My Certificates". {/xtypo_info}

I leave the setting as preset in the figure above and click on "Next".

A short summary is displayed. Click on "Finish".

The certificate is now imported.

Managing certificates under Windows

To find out where the certificate has ended up, open the application "Manage user certificates" under Windows (press the Windows key briefly ... Enter certificates ... Select the "Manage user certificates" application ... Alternatively, you can find the application in the Control Panel).

{xtypo_info}Key combination [Windows key] + [r] press... then enter "certmgr.msc" ... ENTER.{/xtypo_info}

I always use the Windows key and enter the application I want to open. Here is a video about it:

{mp4}certificate management-windows-01{/mp4}

You will now see an overview of the certificate stores. I should have automatically sorted the certificate we have just imported into the certificate store "Own certificates".

Applications such as browsers (e.g. Chrome, Edge, Opera or other browsers based on Chromium) use the "Windows certificate store" to identify themselves to the web server. This means that you should now open the page https://vc.edv-workshops.com ...

... the browser (in the figure above the Edge) will find the certificate and ask if it should use it for authentication. When I click OK, the page is displayed.

Note that the page does not exist on the public Internet and was created for this documentation only.

Further Information

A nice overview of the formats of certificates can be found at https://www.antary.de/2017/03/11/zertifikate-ein-ueberblick-der-verschiedenen-formate/?cookie-state-change=1591420997591