Get mimikatz.
Boot into recovery (with network) by holding F8, to disable any and all malware checkers.
Run mimikatz:
crypto::capi
crypto::cng
crypto::certificates /export
crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE
crypto::keys /export
crypto::keys /machine /export
The password for the pfx files is mimikatz.
Convert the pfx to pem.
Put in the user cert, CA and private key (same).
openssl pkcs12 -in CERT_SYSTEM_STORE_LOCAL_MACHINE_My_X_FOO_Bar.pfx -out keyStore.pem -nodes
(For just the private key, with no public part, export with -nocerts.)