Compare vSphere Editions

http://www.vmware.com/products/vsphere/compare

How to Import and Export SSL Certificates in IIS 5/6

Transferring IIS 5/6 Certificate Files

Background

Want an easier way to export? Our management & troubleshooting tool works on all Windows-based servers.

Windows servers use .pfx files to contain the public key files (your SSL Certificate files, provided by DigiCert) and the associated private key file (generated by your server as part of the CSR).

Since both the public and private keys are needed for an SSL Certificate to function, you need a .pfx backup to transfer SSL server security certificates from one server to another.

This page explains how to back up your certificate on a working server, import the certificate to another server, and then enable the certificate for use on the new server. If you have not yet installed the certificate files that you received from DigiCert on the server that generated your CSR, please see our IIS 5/6 installation instructions page.

Exporting/Backing Up to a .pfx File

1. On the Start menu click Run and then type mmc.
2. Click File > Add/Remove Snap-in.
   
3. Click Add > Certificates > Add.
   
4. Select Computer Account and then click Next. Select Local Computer and then click Finish. Then close the add standalone snap-in window and the add/remove snap-in window.
5. Click the + to expand the certificates (local computer) console tree and look for the personal directory/folder. Expand the certificates folder.
6. Right-click on the certificate you want to backup and select ALL TASKS > Export.
7. Choose Yes, export the private key and include all certificates in certificate path if possible. 
   Warning: Do not select the delete private key option.
8. Leave the default settings and then enter your password if required.
9. Choose to save the file and then click Finish. You should receive an "export successful" message. The .pfx file is now saved to the location you selected.

Importing from a .pfx File

1. On the Start menu click Run and then type mmc.
2. Click File > Add/Remove Snap-in.
3. Click Add > Certificates > Add.
4. Select Computer Account and then click Next. Select Local Computer and then click Finish. Then close the add standalone snap-in window and the add/remove snap-in window.
5. Click the + to expand the certificates (local computer) console tree and look for the personal directory/folder. Expand the certificates folder.
6. Right-click on the certificate you want to backup and select ALL TASKS > Import.
7. Follow the certificate import wizard to import your primary certificate from the .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.

Enabling a New Certificate on a Server

1. On the Start menu, click Administrative Tools > Internet Information Services (IIS) Manager.
2. In the IIS manager, right-click the site that you want to use the certificate for and select Properties.
3. Navigate to Directory Security > Server Certificate. This will start the server certificate wizard.
4. If given the option, choose to Assign an existing certificate to the site and choose the certificate that you just imported.
   If you do not have that option, you should be asked what you want to do with the current certificate on the site. Choose the option to replace your current certificate.
5. Browse to the .pfx file that you created earlier and then finish the certificate wizard. You may have to restart IIS or the server for it to recognize the new certificate.

ref: http://www.digicert.com/ssl-support/pfx-import-export-iis.htm

DigiCert SSL Cert Util SSL Import/Export Instructions

Exporting an SSL Certificate from one Microsoft Windows Server for Importing in Windows

If you wish to export an installed SSL certificate from a Micrsoft server type and it's corresponding private key as a .PFX file to use either as a backup or for importing to another server follow the instructions below. 
If you need your SSL Certificate in Apache .KEY format, please see the guide to Export an SSL Cert from a Windows Server to Apache with the DigiCert Util.

1. Download and Run the DigiCert Certificate Management Tool on the Microsoft server.
2. Select the certificate you want to export to a PFX file and click Export. 
   
    
3. To export this file to a Microsoft server type (e.g. IIS, Exchange, Office Communications Server, ISA, TMG) or other server/device that accepts a .PFX, .P12 file or PKCS#12 file leave all the options as their defaults and click Next. 
   
   To export the certificate to an Apache server or other software platform or device that requires that the private key and certificate files are kept separate, click the key file (Apache compatible format) option, then choose the location to save this file and click Finish. 
   
    
4. Create a new password that will need to be entered to import the certificate onto other servers and click next. 
   
    
5. Choose the location and filename where you want the PFX file saved and click Finish.
   

ref: http://www.digicert.com/util/pfx-certificate-management-utility-import-export-instructions.htm

Export a Server Certificate (IIS 6.0)

Web server certificates contain information about the server that allows the client to positively identify the server over a network before sharing sensitive information, in a process called authentication. Secure Sockets Layer (SSL) uses these certificates for authentication, and uses encryption for message integrity and confidentiality. SSL is a public key–based security protocol that is used by Internet services and clients to authenticate each other and to establish message integrity and confidentiality.

If you use SSL to protect confidential information exchanged between the Web server and the client, you must migrate or export the certificates and the associated private keys from the source server to the target server.

Requirements

•	Credentials: Membership in the Administrators group on the local computer.
•	Tools: Iis.msc.

Top of page

Recommendation

As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type runas /user:administrative_accountname mmc %systemroot%\system32\inetsrv\iis.msc.

Top of page

Procedures

To export a server certificate

1.	In the Run dialog box, type mmc, and then click OK. The Microsoft Management Console (MMC) appears.
2.	If you do not have Certificate Manager installed in MMC, you need to install it. For more information on how to add the Certificate snap-in to an MMC console, see the procedure "To add the Certificates Snap-in to MMC" in Install a Server Certificate this appendix.
3.	In the console tree, click the logical store where the certificate you want to export exists. Usually this is in the Certificates folder in the Personal directory underCertificates (Local Computer) on the Console Root.
4.	Right-click the certificate you want to export, click All Tasks, and click Export to start the Certificate Export Wizard.
5.	Click Next.
6.	On Export Private Key, click Yes to export the private key.   Important You must export the private key along with your certificate for it to be valid on your target server. Otherwise, you will have to request a new certificate for the target server.
7.	In the Export File Format dialog box, click the format you want for the certificate. If the certificate has already been formatted, that format is selected as the default. Click Next. Do not select Delete the private key if export is successful, because this will disable the SSL site that corresponds to that private key.
8.	Continue to follow steps in the wizard, and enter a password for the certificate backup file when prompted. Using a strong password is highly recommended because it ensures that the private key is well protected.
9.	Type the name of the file you want to export, or click Browse to search for the file. Click Next.
10.	Click Finish to complete the Certificate Export Wizard. ref: https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/2cfeeba2-511f-47e8-913c-f196b74e6a44.mspx?mfr=true