In some instances, you may want to move a certificate from one server to another. You may also want to back up the certificate that you have installed. The best way to do this is to create a .pfx file. A .pfx (may also be called a .p12 file) is a file that contains both your public and private keys. There are two main methods to export this file from your currently installed SSL certificate. This guide explains one of these methods.
This guide has two parts. Part I assumes that you do not have the certificate snap in configured for MMC. If you already have the certificate snap in, then you can skip to Part II.
- From the Web server, click Start and then on Run
- In the text box, type mmc and click OK
- From the MMC menu bar, select Console (in IIS 5.0) or File (in IIS 6.0) and Add/Remove Snap-in then click Add
- From the list of snap-ins, select Certificates and click Add
- Select Computer account and click Next.
Note: If the certificate that you want to export is an end user certificate, you must select My User Account instead of Computer account.
- If you selected the Computer account, then on the next screen, select Local computer (the computer this console is running on) and click Finish.
- In the snap-in list window, click Close.
- In the Add/Remove Snap-in window, click OK.
Once you have the MMC certificate snap in configured, you should be able to view all certificates that are installed on either the computer account (mainly the case for servers) or the user account (the case for the individual user logged in).
Note: In order to do this, you must contain both public and private key to the certificate that you want to export.
- In the left hand pane, click on and expand the Personal folder. Underneath it, click on certificates.
- Right-click the certificate you want to export to .pfx file.
- From the drop down, click on All Tasks and then Export.
- You will see the Certificate Export Wizard. Click on Next.
- At the next screen, choose "Yes, export the private key". Click on Next.
Note: If yes is greyed out, this could mean that for some reason, your private key
- cannot be found.
- At the next step, Personal Information Exchange - PKCS #12 (.PFX) is selected by default.
- Click on "Include all certificates in the certification path if possible" if you would like to include the chaining certificates (suitable if you are reinstalling this certificate onto another Microsoft system)
- Click on "Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above)" so that you can set a password for more security.
- You may want to click on Delete the private key if the export is successful if you do not want multiple copies of this certificate. Click on Next.
Note: Selecting this option will render the certificate unusable on this server. If the certificate is securing a production website, you may not want to do this.
- At the next screen, type in a password to protect the file. Retype same password. After you have done that, click on Next.
- On the following screen, you should click on the browse button and select a location where you would like to save the .pfx file. Also provide it with a file name. Click on Next.
- You will reach the Summary screen. Click on Finish.
You have successfully created a .pfx file.