Entrust Certificate Services Support Knowledge Base

Audience: Administrator
Last Modified: 2006-09-12 12:39:52.0

TN 5697 - How can I transfer my existing SSL certificate from IIS 5.0 Windows 2000 to IIS 6.0 Windows 2003

Servers effected: IIS 5.0 Windows 2000 server and IIS 6.0 Windows 2003 server.

Question:

How can I transfer my existing SSL certificate from IIS 5.0 Windows 2000 to IIS 6.0 Windows 2003

Answer:

In order to move your SSL Certificate from IIS 5.0 Windows 2000 server to IIS 6.0 Windows 2003 server. Please follow the instructions below:

Step 1 - From the IIS 5.0 Windows 2000 Server 

Steps to follow form your current web server.

1.0 ADD THE CERTIFICATE SNAP IN

1.1 Click Start / Run / and Type in MMC to open the  Microsoft Management Console.
1.2 Click Console from the top menu and choose Add/Remove snap in.
1.3 Click Add and choose “Certificates” from the available snap ins.
1.4 Choose Computer Account / Local Computer in the wizard.

Step 2.0 CHOOSE YOUR CERTIFICATE TO EXPORT

2.1 Expand the tree under Certificates (Local Computer)
2.2 Expand Personal Folder and Click on Certificates folder.
2.3 Verifiy which certifcate you will need to export, by choosing and double clicking. Note: You should see “You have a Private Key associated with this certificate” footer on the certificate. This means that the certificate will be usable for SSL server functionality.
2.4 Export your certificate
2.5 Right Click on your certificate and choose All Tasks / Export
2.6 The Export wizard will appear. Choose Next.
2.7 Make sure there is a check mark in “Yes, Export the private key” Choose Next.
2.8 Make sure the radio button for “Personal Information Exchange” is checked.
2.9 Make sure everything under “Personal Information Exchange” is NOT checked.
2.10 Choose Next and Type in a password to protect the keypair. You will only be prompted for a new password if an export of this particular certificate has never been performed before.  You will need this password to import the certificate into the new server.
2.11 Choose Next. Give your certificate a filename such as IISKeypair and Choose Next and OK to the export.

    Steps to follow from the new IIS 6.0 Windows 2003 server.

3.0 ADD THE CERTIFICATE SNAP IN TO COMPLETE TRANSFER

3.1 Click Start / Run / and Type in MMC to open the  Microsoft Management Console.
3.2 Click Console from the top menu and choose Add/Remove snap in.
3.3 Click Add and choose “Certificates” from the available snap ins.
3.4 Choose Computer Account / Local Computer in the wizard.

4.0 IMPORT THE CERTIFICATE

4.1 Expand the tree under Certificates (Local Computer)
4.2 Expand the Personal Folder and click on Certificates. Normally, if there are no other websites using SSL certificates, this should be empty.
4.3 Right Click on the Personal folder. Choose All Tasks and Choose Import.
4.4 Choose Next to the Import Welcome Wizard and Browse to your IISKeypair.pfx file. Locate the file and choose Next.
4.5 Type in your keypair password.
4.6 Place a check mark in “Mark the private key as exportable” and Choose Next
4.7 Choose the default “Place all Certificates in the following Store” Personal Folder and choose Next and then Finish

5.0 VERIFY THE CERTIFICATE

5.1 Double Click on the certificate that has been imported.
5.2 Verify the certificate to make sure the footer reads “You Have a Private Key Associated with the certificate”
5.3 Close MMC.
 

6.0 ASSIGNING THE CERTIFICATE

6.1 Launch Internet Information Services through your Start Menu.
6.2 Right Click on your website and choose properties.
6.3 Click on the Directory Security tab.
6.4 Choose the Server Certificate button.
6.5 Choose next to the Welcome wizard.
6.6 Place the radio button in “Assign an existing certificate” Choose Next.
6.7 Choose your certificate from the pop up window and choose Next.
6.8 Verify your certificate information and choose Next, then Finish.
6.9 Stop and Start your webiste.

7.0 ENABLE PORT 443

7.1 In the properties of your website from IIS, choose the Web Site tab.
7.2 Make sure that port 443 is entered into the SSL field section.
7.3 Make sure you have port 443 open on the firewall. Please refer to

You have now successfully installed your existing certificate to the new server.

 

 

Affected Products:

• Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
• Entrust Certificate Services 1 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
• Entrust Certificate Services 2 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
• Entrust Certificate Services 2 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
• Entrust Certificate Services Cert Admin Advantage Server Certificate 1 Year Version Not Applicable Language Not Applicable Platform Not Applicable
• Entrust Certificate Services Cert Admin Advantage Server Certificate 2 Year Version Not Applicable Language Not Applicable Platform Not Applicable