Backing-up & Storing EFS Certificates

Favorite Article   

Related Article

Encrypting Files & Folders with Microsoft Windows EFS

General Information

To prevent data loss when using Encrypting File System (EFS), the EFS certificate(s) should be backed up and stored in a safe place.

NOTE: There might be more than one EFS Certificate per user account. If you are unsure, repeat the steps below to backup ALL EFS Certificates and store them in a safe place.

Back Up & Store EFS Certificates

1. Launch certmgr.msc.

  • Windows 7:  Click Start, and type certmgr.msc in the search field. Press Enter.
  • Windows 8 / 8.1:  Click Start button, and type certmgr.msc into the search bar. Press Enter.
  • Windows 10: Type certmgr.msc into the search bar next to the Start window. Press Enter.

2. Under "Certificates - Current User" in the sidebar to the left, expand out the first folder listed named "Personal" and click on "Certificates".

3. On the right pane, look for certificates with "Encrypting File System" in the Intended Purposes column.

  • If you are unsure, repeat the steps in this article to export out all Encrypting File System (EFS) Certificates.

The Microsoft certificate folder under Personal > Certificates

4. Right-click on one of the Encrypting File System (EFS) Certificates, then hover over All Tasks at the second menu option, which shows another menu to the right. Move to the newly opened menu and click on Export... at the bottom option.

the all tasks > export option in right click menu

5. Click Next at the bottom right of the Certificate Export Wizard welcome screen.

the certificate export wizard start window

6. Select "Yes, export the private key" in the top middle of the window, then click Next at the bottom right.

  • ** It is Very Important to Export the Private Key !! **

select the option to export key

7.  Choose Personal Information Exchange, the fourth option listed in the Export File Format section, then click Next at the bottom right.

select personal information exchange from the options listed

8. Enter and confirm a password in the text boxes in the middle of the window to protect the certificate, then click Next at the bottom right.

  • Please choose a strong password.

Type & Confirm Password screen

9. Click the Browse... or type in the path to save the exported certificate, then click Next at the bottom right.

browsing for the file to export a windows certificate

10. A window stating that the export was successful should appear. Click OK.

export complete window

11. Save the exported Certificate in a safe place.

  • Important:  Remember that anyone with the Certificate and the Password can decrypt the EFS Encrypted File(s).


7/24/2018 7:31:36 AM