Ask a Question

Solution ID : SO20472

Last Modified : 05/02/2018

How to move a SSL certificate from Microsoft IIS 7 to Microsoft IIS 6

Solution

 To move a SSL certificate from Microsoft IIS 7 to Microsoft IIS 6, please perform the following steps: 

  Step 1: Export Certificate from the IIS 7 Server

  1. Start > Run
  2. Type in MMC and click OK
  3.  Go into the File Tab > select Add/Remove Snap-in
  4. Click on Certificates and click on Add
  5. Select Computer Account > Click Next
  6. Select Local Computer > Click Finish
  7. Click OK to close the Add/Remove Snap-in window.
  8. Double click on Certificates (Local Computer) in the center window.
  9. Double click on the Personal folder, and then on Certificates.
  10. Right Click on the Certificate you would like to backup and choose > ALL TASKS > Export
  11. Follow the Certificate Export Wizard to backup your certificate to a .pfx file.
  12. Choose to 'Yes, export the private key'
  13. Choose to "Include all certificates in certificate path if possible." (do NOT select the delete Private Key option)
  14. Enter a password you will remember
  15. Choose to save file on a set location
  16. Click Finish
  17. You will receive a message > "The export was successful." > Click OK
  18. The .pfx file backup is now saved in the location you selected.

 
Step 2: Import Certificate and Private Key to the IIS 6 Server 

 
After the Certificate and the Private key file has been exported, you must import the certificate to the new computer's Personal certificate store.

Create an MMC Snap-in for Managing Certificates:
 
  1. Start > run > MMC
  2. Go into the Console Tab > File > Add/Remove Snap-in
  3. Click on Add > Click on Certificates and click on Add
  4. Choose Computer Account > Next
  5. Choose Local Computer > Finish
  6. Close the Add Standalone Snap-in window.
  7. Click on OK at the Add/Remove Snap-in window. 
 
Import the Certificate with Private Key attached to IIS 6:
 
  1. Open up the Certificates Console Tree
  2. Look for a folder called Personal > Certificates
  3. Right-click in the right-hand side pane of the Console and select ALL TASKS > Import.
  4. The Certificate Import Wizard will start up. Click on Next
  5. On the File to Import page, type the complete path to the file or click the Browse button to navigate to the file name of the Certificate and Private Key you exported and click on Next
  6. Enter the password you gave the PFX file when you created it.  Be sure the Mark this key as exportable option is selected if you want to be able to export the Certificate and Private Key pair again from this computer. 
  7. On the Certificate Store page, select Automatically select the certificate store based on the type of certificate and click Next.
  8. On the Completing the Certificate Import Wizard page, click Finish.
  9. You will receive a message that states The import was successful when the import has been completed. Click OK.

Assign the certificate to your web site: 
 
  1. Open the Internet Services Manager (Start > Programs > Administrative Tools)
  2. Right-click on the web site you want to install the certificate on.
  3. Select Properties.
  4. Click the Directory Security tab.
  5. Under the Secure Communications section, click Server Certificate.
  6. This will start the Web Site Certificate Wizard. Click Next.
  7. Choose the Assign an existing certificate option and click Next.
    Note: If a certificate is already assigned to the website, choose Replace the current certificate
  8. Highlight your Web server certificate (denoted by the common name) and then click on Next.
  9. Assign the SSL port for the web-site and click on Next   
    Note: Port 443 is the default SSL port. 
  10. You will now see a summary screen showing you all the details about the certificate you are installing.  Be sure that this information is correct or you may have problems using SSL or TLS in HTTP communications.
  11. Click Next and then click on Finish to exit the wizard. 
    Note: Under the Web Site tab, make sure that the secure port 443 is enabled and that a unique IP address has been assigned.