0
0



Windows servers use .pfx/.p12 files to contain the public key file (SSL Certificate) and its unique private key file. The Certificate Authority (CA) provides you with your SSL Certificate (public key file). You use your server to generate the associated private key file where the CSR was created.

You need both the public key and private keys for an SSL certificate to work properly on any system. Windows uses the pfx/p12 file to contain these two keys; therefore, if you need to transfer your SSL certificate from one server to another or store it someplace for safe keeping you need to create a .pfx backup.

To backup, export, and move a SSL certificate from Windows IIS 8 to IIS 8  with its private key perform the following steps.

Step 1:  Create an MMC Snap-in for Managing Certificates on the IIS 8 system:

  1. Start > run > MMC.
    mmc
  2. Go into the Console Tab > File > Add/Remove Snap-in.
    mmc
  3. Click on Add > Click on Certificates and click on Add.
    mmc
  4. Choose Computer Account > Next.
    mmc export
  5. Choose Local Computer > Finish.
    mmc export
  6. Close the Add Standalone Snap-in window.
  7. Click on OK at the Add/Remove Snap-in window.

Step 2: Export/Backup certificate to .pfx file:

  1. In MMC Double click on Certificates (Local Computer) in the center window.
  2. Double click on the Personal folder, and then on Certificates.
  3. Right Click on the Certificate you would like to backup and choose > ALL TASKS > Export
  4. Follow the Certificate Export Wizard to backup your certificate to a .pfx file.
    mmc export
  5. Choose to ‘Yes, export the private key
    mmc export
  6. Choose to “Include all certificates in certificate path if possible.” (do NOT select the delete Private Key option)
    mmc export
  7. Enter a password you will remember.
  8. Choose to save file on a set location.
  9. Click Finish.
    mmc export
  10. You will receive a message > “The export was successful.” > Click OK.The .pfx file backup is now saved in the location you selected and is ready to be moved or stored for your safe keeping.

Step 3: Creating a MMC certificate snapin on the second IIS 8 system:

  1. Start > run > MMC.
    mmc
  2. Go into the Console Tab > File > Add/Remove Snap-in.mmc
  3. Click on Add > Click on Certificates and click on Add.mmc
  4. Choose Computer Account > Next.
    mmc export
  5. Choose Local Computer > Finish.
    mmc export
  6. Close the Add Standalone Snap-in window.
  7. Click on OK at the Add/Remove Snap-in window.

Step 4: Importing your backup .pfx file to IIS 8:

  1. Open the Microsoft Management Console (MMC).
  2. On the left pane, click Certificates.
  3. On the right pane, double-click Personal.
  4. On the right pane, right-click Certificates and select All Tasks > Import (this opens the Certificate Import Wizard). Click Next.
  5. Browse to the PKCS#12 (.pfx) file that you want to import and click Next.
  6. Enter the password used to secure the certificate for export and then click OK.
  7. To export the certificate again from this computer, select Mark the key as exportable.
  8. Select the option Automatically select the certificate store based on the type of certificate. (This ensures all the certificates in the certification path (Root, Intermediate, and Server) are stored in the proper place. Problems may occur if a certificate is placed in the wrong store.) Click Next.
  9. Click Finish. A message confirms successful import. Click OK. You should now see your certificate under the Personal Certificates store in MMC

Step 5: Assign and Bind the SSL certificate to your web site:

  1. Browse to your server name > Sites > Your SSL-based site.
  2. In the Actions pane, click Bindings.
    IIS 8 binding
  3. In the Site Bindings window. If there is no existing https binding, choose Add and change Type from HTTP to HTTPS.
    Note: If there is already a https binding, select it and click Edit.
    IIS 8 Binding
  4. From the SSL Certificate drop down, Select the Friendly Name for the SSL certificate that will be used for this site.
    IIS 8 Binding
  5. Click Ok.

Your SSL Certificate is now installed, and the website is now configured.

Additional Notes:

If you do not specify an IP address when installing your SSL Certificate, the same ID will be used for all virtual servers created on the system.

If you are hosting multiple sites on a single server, you can specify that the ID only be used for a particular server IP address.

If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or an organization that supports it.

Microsoft Support

For more information refer to Microsoft.

LoadingAdd to favorites


About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.