Knowledgebase

IIS 5.x - 6.x - 7.x certificate import  Print this Article

PFX Backup Tutorial for Microsoft IIS 5/6 Servers

The PFX extension is used on Windows servers for files containing both the public key files (your SSL certificate files) and the associated private key (generated by your server at the time the CSR was generated).

Since both the public and private keys are needed for an SSL certificate to function, a PFX backup is always needed to transfer an SSL server security certificate from one server to another.

This tutorial explains how to back up your certificate from a working server, import the certificate to a second server, and then enable the certificate for use on the new server. If you have not yet installed the certificate files you received from DigiCert to the server that generated your CSR, please see our IIS 5/6 installation instructions.

Exporting/Backing up your certificate/Private Key (to .pfx file format)

  1. From the Start menu, select "Run" and type mmc.
  2. Choose Add/Remove Snap-in under the File menu.

  3. Click Add, then Certificates, then Add.

  4. Go to Computer Account, then Next, then Local Computer, then Finish.
  5. Close the Add Standalone Snap-In window and the Add/Remove Snap-in window.
  6. Click the + to Expand the Certificates (Local Computer) Console Tree, look for the Personal directory/folder and expand Certificates.
  7. Right Click on the Certificate you would like to backup and choose > ALL TASKS > Export, follow the Certificate Export Wizard to backup your certificate to a .pfx file
  8. Choose to 'Yes, export the private key' and to include all certificates in certificate path if possible (do NOT select the delete Private Key option).
  9. Leave default settings > Enter Password (if required)
  10. Choose to save file on a set location, then Finish.
  11. You will receive a message > Export Successful

The .pfx file backup is now saved in the location you selected.

Importing your Certificate/Private Key (from .pfx file format)

  1. From the Start menu, select "Run...". Type "mmc" and hit Enter.
  2. Under the File menu choose Add/Remove Snap in.
  3. Click Add, then from the Add Standalone Snap-in panel choose Certificates, and click Add.
  4. Choose Computer Account and click Next, then choose Local Computer and click Finish.
  5. Close the Add Standalone Snap-In window by clicking Close.
  6. Close the Add/Remove Snap-in window by clicking Ok.
  7. Click the + to Expand the Certificates (Local Computer) Console Tree
  8. Right click on the Personal Certificates Store (folder)
  9. Choose > ALL TASKS > Import
  10. Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
  11. Close the MMC console. In the case that you are prompted, it is not necessary to save the changes made to the MMC console.

Configuring Your Site - IIS 5/6

  1. In your IIS manager, right-click on the site that you would like to use the certificate and select properties.
  2. Click on the Directory Security Tab and hit the Server Certificate Button. This will start the server certificate wizard.
  3. If given the option, Choose to 'Assign an existing certificate' to the site and choose the new certificate that you just imported.
    If you do not have that option, you should be asked what you want to do with the current certificate on the site, choose the option to "replace" your current certificate.
  4. Browse to the .pfx file that you created earlier.
  5. Finish the certificate wizard.

Occasionally a server or IIS restart is required before your server will recognize the new certificate.

Was this answer helpful?

Related Articles

SSL Installations
SSL installation depends on the type of server you are securing. Please select below the server...
Apache (with mod_ssl)
Installing SSL certificate on Apache with mod_ssl To install certificate you need 2...
Apple Mac OS X Server
Log in to admin server as a root. Create a folder /etc/httpd/ssl.crt/ (if it does not exist)....
Barracuda VPN server
Installing SSL certificate on Barracuda VPN serverImport CertificatesFrom the appliance web...
Cisco ACS Server
Note: If the domain/site certificate is created using CA certificate, you need to repeat steps...