How can I export a certificate from MMC as a PFX file?
The Certificates snap-in really doesn't like to export PFX certificates, but PowerShell is happy to. You can use the `Export-PfxCertificate` cmdlet.

- Go to the certificates pseudo-drive by typing `cd cert:\` at the PowerShell prompt.
- Type `cd CurrentUser` or `cd LocalMachine` as appropriate for where the certificate is. You may need to launch PowerShell as admin to export a machine certificate.
- `cd` into the appropriate store (a `dir` may help). The Personal store in MMC is called `My` here.
- Use `dir` to identify which ID corresponds to the certificate you want.
- Type this command to export it as a PFX with a password:

  ```powershell
  Export-PfxCertificate -Cert .\LONGSTRINGOFHEX -FilePath 'C:\path\to\outfile.pfx' -Password (ConvertTo-SecureString -String 'password' -AsPlainText -Force)
  ```

  `LONGSTRINGOFHEX` should be replaced with your certificate's ID. Fortunately, you can use tab completion on that.

Once that command executes, you have a PFX certificate protected with the password you supplied. PowerShell refuses to export the certificate's private key without a password, and the password can't be blank. Nevertheless, your PFX is out.
My problem was that I had created the CSR file on one machine and then tried to create the pfx file on another (Windows 10 had done an update overnight and locked me out of the first machine). Both the CSR and the pfx file need to be created on the same machine.
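The steps from the first answer as a single script, added here as an example that is not part of either original answer: it prompts for the password instead of typing it into the command line, and it checks for the private key first, which is the condition the second answer ran into. The function name `Export-CertToPfx`, its parameters, the demo DNS name and the output path are assumptions made for illustration.

```powershell
# Added example; names below are illustrative, not from the original answers.
function Export-CertToPfx {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [string] $FilePath,
        [Parameter(Mandatory)] [securestring] $Password,
        [ValidateSet('CurrentUser', 'LocalMachine')]
        [string] $StoreLocation = 'CurrentUser',
        [string] $StoreName = 'My'   # shown as "Personal" in the MMC snap-in
    )

    $certPath = "Cert:\$StoreLocation\$StoreName\$Thumbprint"
    if (-not (Test-Path -Path $certPath)) {
        throw "No certificate $Thumbprint in $StoreLocation\$StoreName."
    }
    $cert = Get-Item -Path $certPath

    # The key is generated alongside the CSR and stays on that machine unless
    # it is exported, so a certificate installed elsewhere has no key to export.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key in this store."
    }

    # -ErrorAction Stop surfaces failures such as a non-exportable key.
    Export-PfxCertificate -Cert $cert -FilePath $FilePath `
        -Password $Password -ErrorAction Stop
}

# Demo on a constructed, throwaway self-signed certificate.
$demo = New-SelfSignedCertificate -DnsName 'pfx-export-demo.invalid' `
    -CertStoreLocation 'Cert:\CurrentUser\My'
try {
    # Read-Host -AsSecureString keeps the password out of the typed command.
    $pw  = Read-Host -Prompt 'PFX password' -AsSecureString
    $out = Join-Path $env:TEMP 'pfx-export-demo.pfx'
    Export-CertToPfx -Thumbprint $demo.Thumbprint -FilePath $out -Password $pw
}
finally {
    # Remove the demo certificate and its private key from the store.
    Remove-Item -Path "Cert:\CurrentUser\My\$($demo.Thumbprint)" -DeleteKey
}
```

For a machine certificate, pass `-StoreLocation LocalMachine` from an elevated PowerShell session.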