You have an enterprise root certification authority （CA） that runs Windows Server 2008 R2.     You need to ensure that you can recover the private key of a certificate issued to a Web server.     What should you do（）

• A、From the ca， run the Get-PfxCertificate cmdlet.
• B、From the Web server， run the Get-PfxCertificate cmdlet.
• C、From the ca， run the certutil.exe tool and specify the -exportpfx parameter.
• D、From the Web server， run the certutil.exe tool and specify the -exportpfx parameter.