get mimikatz boot into recovery (with network) holding F8, to disable any and all malware checkers run mimikatz crypto::capi crypto::cng crypto::certificates /export crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE crypto::keys /export crypto::keys /machine /export

The password for the pfx files is mimikatz. convert the pfx to pem put in the user cert, ca and private (same). openssl pkcs12 -in CERT_SYSTEM_STORE_LOCAL_MACHINE_My_X_FOO_Bar.pfx -out keyStore.pem -nodes

(for just the private, no public, export with –nocerts)