Knowledgebase: SSL Technical FAQs

Exporting and Restoring a PFX file to IIS

Export certificate and private key to PFX (Personal File Exchange) format

Certificate Snap-in


1. Open up the Microsoft Management Console (MMC).

Start -> Run -> Type "mmc" (without quotes) and Click OK or hit Enter on your keyboard.

Start Run MMC

2. Open Add/Remove Snap-in Window.

File -> Add/Remove Snap-in

AddRemove SnapIn

3. Add the Certificates Snap-in.
Click Add then double-click Certificates

AddCertSnap

CertSnapIn

4. Select Computer Account and click Next.

ComputerAccount
Note: This step is very important. It must be the Computer Account and no other account!

5. Select Local Computer and click Finish



6. Close the Add Standalone Snap-in window and click OK in the Add/Remove Snap-in Window.

7. Click the + (plus) sign next to Personal and click on the Certificates folder.


Export Process


1. Right-Click on the certificate that is to be exported and select All Tasks -> Export

2. When the Certificate Export Wizard starts, click Next on the Welcome Page.



3. Select Yes, export the private key and then click Next.


4. Leave the default settings that the window presents and click Next.

Note: These are the default settings, but put a check in the box labeled "Include all certificates in the chain if possible" and leave the rest as is.

5. Type and confirm a password for the PFX file and then click Next.

Note:This is a password you are creating.

6. On the File to Export page, save the file in a safe and easy to remember location (Example: My Documents, C Drive, or Desktop) and then click Next.

Note: Instead of typing in a location you can Browse to a location to save it to by clicking the Browse button.

7. A confirmation page will be displayed upon completion of the previous step. Click Finish to complete the export process.


You will now have PFX file which is ready for transport. This file typically contains just your certificate and private key rolled into one file.
Note:If you selected Include all certificates in the certification path if possible, then your file will contain the full certificate chain with the private key and end entity/domain certificate.

Import Process



Note: The following steps require you to be inside the Certificate Snap-in part of the MMC, if you are not already there please follow the section above titled Certificate Snap-in.

1. Right-Click on folder labeled Certificates under the Personal folder and select All Tasks-> Import

Import Certificate Wizard appears


2. When the Certificate Import Wizardstarts click Next

3. Browse or type in a location for the PFX file.


4. Type the password to the PFX file in the provided box and click Next.

Note: If you need to re-back up this key when imported, then make sure the box Mark this key as exportable... is checked-off.

5. Select Automatically select the certificate store based on the type of certificate and click Next.

6. On the Completing the Certificate Import Wizard page, click Finish.


7. Close the MMC and in case you are prompted, it is not necessary to save the changes.

You have now successfully completed the Certificate Import wizard.

Placing newly imported certificate into IIS 5.x & 6.x



  1. Open the IIS Manager

  2. Right-click on the site that you would like to use the certificate and select Properties.

  3. Click on the Directory Security tab and click on the Server Certificate button.

  4. Follow the wizard.

  5. If there is already a certificate on the website select Replace and then click Next.
    Note: If this site does not have a certificate on it already then click Assign... and then click Next.

  6. Finish the certificate wizard.

  7. Restart Website


Placing newly imported certificate into IIS 7.x



  1. Open IIS (Start -> Administrative Tools -> IISM -> Server Name)

  2. Open Web Sites by left-clicking the tiny triangle to the left of Web Sites.

  3. Single left-click on the Web Site name. Example: Default Web Site.

  4. Select Bindings from the Edit Site sub menu. (see image)



  5. In the next window to come up, single left-click on the type https to select.

  6. Click Edit.

  7. Select the appropriate SSL certificate from the SSL certificate drop-down box.

  8. Click OK to save changes.

  9. Verify certificate is working on Web Site by visiting the site in your web browser.



(1922 vote(s))
Helpful
Not helpful
Comments (0)