Caveat: you must be administrator
After having imported a certificate without checking
Mark this key as exportable. This will allow you to back up or transport your keys at a later time.
(which is generally a good idea), it suddenly becomes impossible to actually export the certificate, which is both obvious and very annoying when you lost the certificate or need to copy over a bunch of certificates for some reason.
But being an administrator gives you basically any permission on the machine, which would include exporting anything.
- Download mimikatz
Note that this sometimes is considered a penetration testing tool, with similar characteristics as a household virus. That means that virus scanners may scream bloody murder, including Windows Defender. So you probably need to either disable the scanner for now or create an ignored folder to extract mimikatz to.
Open a command prompt as an administrator
Execute these commands:
mimikatz crypto::capi crypto::certificates /systemstore:local_machine /store:my /export
/systemstore: also accepts "current_user"
/store: also accepts "root", among others.