How can I use an X.509 certificate created on another computer?

I need to encrypt an XML file with an X.509 certificate on one computer and be able to decrypt it with the same certificate on another computer. It doesn't seem to work for me like Microsoft suggests:

http://msdn.microsoft.com/en-us/library/ms229744.aspx

The decryption process always fails on another computer!

I create a certificate by using the following command:

makecert -r -pe -n "CN=DEEP_201X" -b 01/01/2011 -e 01/01/2014 -sky exchange -ss my deep.cer

Then I install it by using:

certmgr /add deep.cer /s root

And try to get its private key with the FindPrivateKey.exe utility:

FindPrivateKey My CurrentUser -n "CN=DEEP_201X"

Works great. However, when I perform all the same actions to install the certificate on another computer FindPrivateKey will fail with

No certificates with key 'CN=DEEP_201X' found in the store.

when I use

certmgr /add deep.cer /s my

the error message will be like this:

Unable to obtain private key file name

Could someone please give me a piece of advice on how to make it work?


I suspect that you only need the private key on the decrypting computer.

However...

If you really need the private key on both computers, be aware that the .cer file does not include the private key.

(I think) makecert adds it to the local machine when it generates the cert. You can write it out using the -sv option. Then build a pfx container for the certificate that contains it.

makecert -r -pe -sv myprivatekey.pvk -n "CN=DEEP_201X" -b 01/01/2011 -e 01/01/2014 -sky exchange -ss my deep.cer
pvk2pfx -pvk myprivatekey.pvk -spc deep.cer -pfx deep_private.pfx

I haven't been able to convince certmgr to import private keys from the command line. Use it in GUI mode or use the certmgr.msc snap-in.
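The answer's point that a .cer carries no private key can be checked and worked around from PowerShell; the following is an added example, not code from the question or the answer. It assumes the PKI module cmdlets (Windows 8 / Server 2012 or later); the function names and the PFX path are hypothetical, and only the subject name comes from the question.

```powershell
# Added example. Subject name is from the question; the function names
# and the PFX path are assumptions made for illustration.
$Subject = 'CN=DEEP_201X'
$PfxPath = Join-Path $env:TEMP 'deep_private.pfx'

function Get-CertBySubject {
    param([string]$SubjectName, [string]$Store = 'Cert:\CurrentUser\My')
    Get-ChildItem -Path $Store |
        Where-Object { $_.Subject -eq $SubjectName } |
        Select-Object -First 1
}

# Run on the computer where makecert created the key pair.
function Export-CertWithKey {
    param([string]$SubjectName, [string]$Path, [securestring]$Password)
    $cert = Get-CertBySubject -SubjectName $SubjectName
    if (-not $cert) {
        throw "No certificate with subject '$SubjectName' in CurrentUser\My."
    }
    if (-not $cert.HasPrivateKey) {
        # This is the state the second computer is in after 'certmgr /add deep.cer'.
        throw "Certificate is present but has no associated private key."
    }
    # Succeeds only if the key is exportable (makecert -pe marks it so).
    Export-PfxCertificate -Cert $cert -FilePath $Path -Password $Password | Out-Null
    $Path
}

# Run on the computer that has to decrypt.
function Import-CertWithKey {
    param([string]$Path, [securestring]$Password)
    # Without -Exportable the imported key cannot be exported again from this machine.
    $imported = Import-PfxCertificate -FilePath $Path `
        -CertStoreLocation 'Cert:\CurrentUser\My' -Password $Password
    if (-not $imported.HasPrivateKey) {
        throw "Import finished but no private key was attached."
    }
    $imported
}

# Usage (the two halves run on different computers):
#   $pw = Read-Host -AsSecureString 'PFX password'
#   Export-CertWithKey -SubjectName $Subject -Path $PfxPath -Password $pw
#   Import-CertWithKey -Path $PfxPath -Password $pw
```

The PFX holds the private key, so move it over a protected channel and delete the file once the import has succeeded.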
