Back up your SSL certificate: IIS

We recommend that you back up your SSL certificate and its corresponding private key so that you’re safeguarding against any disasters disrupting your server. These instructions will also help you export your certificate from one web server and import the certificate and its private key to another web server:

Step 1 of 14

Start by clicking your Start Menu in the bottom-left corner of your screen and open the Run function.

Step 2 of 14

Enter mmc into the prompt and then click OK.

Step 3 of 14

This will open the Console Root. From here, click File and then select Add/Remove Snap-in from the drop-down menu that appears.

Step 4 of 14

A pop-up window will now appear where you can add or remove snap-ins. Simply select Certificates from the Available snap-ins menu and then click Add.

Step 5 of 14

After you’ve done this, select Computer Management from the Available snap-ins menu and then click Add.

Step 6 of 14

A pop-up window will now appear where you’ll need to select the computer you want this snap-in to manage. Simply select Local computer and then click Finish.

Step 7 of 14

Click OK to close the Add/Remove Snap-in window.

Step 8 of 14

In the left-hand menu, expand Certificates by clicking the arrow alongside it.

Step 9 of 14

This will give you a list of folders. Open the Personal folder and then click Certificates.

Step 10 of 14

Find the certificate for the correct domain and then right-click it.

Step 11 of 14

Hover your cursor over All Tasks and then click Export.

Step 12 of 14

This will start up the Certificate Export Wizard. Simply click Next to continue.

Step 13 of 14

On the next page, select the option Personal Information Exchange and make sure you perform the following:

  • Select the option Include all certificates in the certification path if possible
  • Select the option Export all extended properties
  • Deselect Enable certificate privacy
Step 14 of 14

Complete the Export wizard and you will receive a message stating that you have successfully exported your certificate. Be sure to save your .pfx file in a secure location.

If you need to import your .pfx into another IIS web server, simply follow the instructions below.

Import to MMC:

Step 1 of 11

Start by clicking your Start Menu in the bottom-left corner of your screen and open the Run function.

Step 2 of 11

Enter mmc into the prompt and then click OK.

Step 3 of 11

This will open the Console Root. From here, click File and then select Add/Remove Snap-in from the drop-down menu that appears.

Step 4 of 11

A pop-up window will now appear where you can add or remove snap-ins. Simply select Certificates from the Available snap-ins menu and then click Add.

Step 5 of 11

After you’ve done this, select Computer Management from the Available snap-ins menu and then click Add.

Step 6 of 11

A pop-up window will now appear where you’ll need to select the computer you want this snap-in to manage. Simply select Local computer and then click Finish.

Step 7 of 11

Click OK to close the Add/Remove Snap-in window.

Step 8 of 11

In the left-hand menu, expand Certificates by clicking the arrow alongside it.

Step 9 of 11

This will give you a list of folders. Right-click the Personal folder, hover your cursor over All Tasks and then select Import.

Step 10 of 11

This will start up the Certificate Import Wizard. Simply click Next to continue.

Step 11 of 11

From here, find the .pfx file you saved previously and then import your certificate and its associated private key.

Assign to IIS:

Step 1 of 6

Once you have opened IIS, find the domain your SSL certificate has been set up for.

Step 2 of 6

Right-click your domain and select Properties.

Step 3 of 6

From there, select the Directory security tab, followed by Server certificates.

Step 4 of 6

This will open the Certificates Wizard. Simply click Next to continue.

Step 5 of 6

On the next page, select Assign certificate and then click Next.

Step 6 of 6

Find and select the certificate you have just imported and click OK.

Your SSL Certificate and Private Key have been imported into IIS.