Windows 8 and Windows Server 2012 introduce the ability to use Active Directory Domain Services (AD DS) accounts to protect the private keys contained in digital certificates in PKCS#12 (PFX) format. This is useful for the export, import, and sharing of digital certificates as PFX files. For example, a single PFX file could be shared among multiple web servers in a web farm. Prior to Windows 8 and Windows Server 2012, you could provide a password when exporting a certificate as a PFX file. Windows 8 and Windows Server 2012 provide a new dialog box when exporting a certificate that allows you to secure the file to an AD DS account, such as a group.
There are several requirements that must be in place for this feature to work:
Note: No specific Active Directory forest or domain schema level is required for this feature. However, you must have at least one Windows Server 2012 domain controller in the forest in order to use the option to protect the PFX to an AD DS account.
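
The export and import described above can also be scripted with the `Export-PfxCertificate` and `Import-PfxCertificate` cmdlets that ship with Windows 8 and Windows Server 2012. The following is an added example, not part of the original page; the thumbprint, group name and file path are placeholders to replace with your own values.

```powershell
# Added example. All three values below are placeholders / hypothetical names.
$thumbprint = '<CERT-THUMBPRINT>'                 # placeholder: certificate to export
$group      = 'CONTOSO\WebFarmAdmins'             # hypothetical AD DS group allowed to import
$pfxPath    = '\\fileserver\certs\webfarm.pfx'    # hypothetical share reachable by the farm

function Export-GroupProtectedPfx {
    param(
        [Parameter(Mandatory)] [string]   $Thumbprint,
        [Parameter(Mandatory)] [string[]] $ProtectTo,
        [Parameter(Mandatory)] [string]   $FilePath
    )
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

    # A PFX without a private key has nothing to protect; fail early.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key in this store."
    }

    # -ProtectTo is used instead of -Password: the private key is secured
    # to the listed AD DS account(s) rather than to a shared secret.
    Export-PfxCertificate -Cert $cert -FilePath $FilePath `
        -ProtectTo $ProtectTo -ErrorAction Stop
}

function Import-GroupProtectedPfx {
    param([Parameter(Mandatory)] [string] $FilePath)

    # No -Password is supplied. The caller must be (or be a member of)
    # an account named in -ProtectTo at export time.
    Import-PfxCertificate -FilePath $FilePath `
        -CertStoreLocation 'Cert:\LocalMachine\My' -ErrorAction Stop
}

# On the server that holds the certificate:
Export-GroupProtectedPfx -Thumbprint $thumbprint -ProtectTo $group -FilePath $pfxPath

# On each web server in the farm, run by a member of $group:
Import-GroupProtectedPfx -FilePath $pfxPath
```

Because access to the private key now follows group membership, review who can modify that group with the same care you would apply to the password of a password-protected PFX.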