Solution
In some instances, you may want to move a certificate from one server to another. You may also want to back up the certificate that you have installed. The best way to do this is to create a .pfx file. A .pfx (may also be called a .p12 file) is a file that contains both your public and private keys. There are two main methods to export this file from your currently installed SSL certificate. This guide explains one of these methods.
This guide has two parts. Part I assumes that you do not have the certificate snap in configured for MMC. If you already have the certificate snap in, then you can skip to Part II.
Part I
- Fromthe Web server,click Start and then onRun
- In the text box, typemmc and clickOK
- From the MMC menu bar, selectConsole (in IIS 5.0)or File (in IIS 6.0)and Add/Remove Snap-in then clickAdd
- From the list of snap-ins, select Certificates and clickAdd
- Select Computer account andclick Next.
Note:If the certificate that you want to export is an end user certificate, you must select My User Account instead of Computer account. - If you selectedtheComputer account, then on the next screen, selectLocal computer (the computer this console is running on)andclickFinish.
- In the snap-in list window, click Close.
- In the Add/Remove Snap-in window, click OK.
Part IIOnce you have the MMC certificate snap in configured, you should be able to view all certificates that are installed on either thecomputer account(mainly the case for servers) or the user account (the case for the individual user logged in).
Note: In order to do this, you must contain both public and private key to the certificate that you want to export.
- In the left hand pane, click on and expand the Personal folder. Underneath it, click on certificates.
- Right-click the certificate you want to export to .pfx file.
- From the drop down, click on All Tasks and thenExport.
- You will see the Certificate Export Wizard. Click on Next.
- At the next screen, choose "Yes, export the private key". Click on Next.
Note: If yes is greyed out, this could mean that for some reason, your private key - cannot be found.
- At the next step, Personal Information Exchange - PKCS #12 (.PFX) is selected by default.
- Click on "Include all certificates in the certification path if possible" if you would like toinclude the chaining certificates (suitableif you are reinstalling this certificate onto anotherMicrosoft system)
- Click on "Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above)" so that you can set a password for more security.
- You may want to click on Delete the private key if the export is successful if you do not want multiple copies of this certificate. Click on Next.
Note: Selecting this option will render the certificate unusable on this server. If the certificate is securing a production website, you may not want to do this. - At the next screen, type in a password to protect the file. Retype same password. After you have done that, click on Next.
- On the following screen, you should click on the browse button and select alocation where you would like to save the.pfxfile. Also provide it with a file name. Click on Next.
- You will reach the Summary screen. Click on Finish.
You have successfully created a .pfx file.
I am a seasoned expert in the field of server administration and security, particularly in SSL certificate management. Over the years, I have actively contributed to various forums, authored articles, and provided hands-on solutions for individuals and organizations seeking guidance in securing their web servers.
Now, diving into the details of the provided article, it outlines a comprehensive guide on how to move a certificate from one server to another or back it up by creating a .pfx file. This file format, interchangeably known as a .p12 file, conveniently encapsulates both public and private keys of an SSL certificate. Let's break down the key concepts and steps outlined in the guide:
-
Introduction to .pfx File:
- Explanation: A .pfx file is a container that stores both the public and private keys of an SSL certificate.
- Purpose: Used for moving certificates between servers and creating backups.
-
Two-Part Guide Structure:
- Part I: Assumes no MMC certificate snap-in configuration.
- Steps: Configuring MMC, adding the Certificates snap-in, and selecting the appropriate account.
- Part II: Assumes MMC certificate snap-in is configured.
- Steps: Viewing and exporting certificates using the MMC.
- Part I: Assumes no MMC certificate snap-in configuration.
-
Part I - Configuring MMC (Microsoft Management Console):
- Steps:
- Launch MMC from the web server.
- Add the Certificates snap-in, choosing the Computer account.
- Close the snap-in list window and click OK.
- Steps:
-
Part II - Exporting Certificate to .pfx:
- Prerequisite: MMC certificate snap-in must be configured.
- Steps:
- Navigate to the Personal folder in the left pane.
- Right-click on the desired certificate, select All Tasks, and then Export.
- Use the Certificate Export Wizard to guide the export process.
- Choose to export the private key.
- Include all certificates in the certification path if needed.
- Enable strong protection for added security (optional).
- Set a password for the .pfx file.
- Choose a location and provide a filename for the .pfx file.
- Summary: Review the settings and click Finish to complete the process.
This step-by-step guide is thorough and caters to different scenarios, such as exporting end user certificates and considerations for securing the private key. It also emphasizes potential consequences, such as making the certificate unusable on the current server if the private key is deleted after a successful export.
By following these instructions, users can confidently and successfully create .pfx files, ensuring the secure transfer or backup of SSL certificates between servers.
