Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2016-09-07 15:42:07.0

How do I back up and restore SSL certificate and its associated private key in IIS 7?

Article Number: 46321

Question:

 

How do I back up and restore my SSL certificate and its associated private key in Microsoft IIS 7?

 

NOTE: These instructions apply to the following server types:

Microsoft IIS 7
Microsoft Exchange 2007 (Windows Server 2008)
Microsoft Exchange 2010
Microsoft Office Communications Server 2010

 

Answer:

 

It is highly recommended that you back up your server certificate in a secure location. This will allow you to re-import your certificate and private key in case the original becomes corrupted.

 

This document shows you how to access the Microsoft Management Console (MMC) (Section 1), how to backup your server certificate and private key (Section 2), and how to restore your certificate and private key to the server (Section 3).

 


Section 1: open Microsoft Management Console (MMC)

 

  1. Go to Start à Run
  2. Enter MMC and click OK.

 

  1. Select File à Add/Remove Snap-in.


     
  2. Click Certificates and click Add.


     
  3. Select Computer Account, and click Next.




     

  4. Select Local Computer and click Finish.




     

  5. Click OK to close the Snap-ins window.

 

Section 2: Backing up your server certificate and private key

 

 

  1. In MMC, double-click Certificates (local computer).
    Double-click Personal.
    Double-click Certificates.


     
  2. Right-click on the certificate you need to backup and select All Tasks à Export to open up the wizard. Complete the wizard to create a .pfx file. This .pfx file is the backup file for the certificate and the private key associated with it


     
  3. Select Yes, export the private key.


Note: If the option to export the private key is grayed out, then the private key is either missing from the server or was set to be un-exportable. In either scenario, you will not be able to back up your certificate and private key pair.

 

  1. Select Include all certificates in the certificate path if possible.


     
  2. Enter a password to protect the .pfx file.

 

  1. Select the location where you wish to save the file.

 

 

The generated .pfx file is your certificate and private key backup.

 

Make sure that you store the file in a secure place.

 

Write down the file password and store it in a safe and secure place. This password is your only way to access the backed-up certificate and private key.

 

 



 

Section 3: Restoring the server certificate and private key.

 

You restore your server certificate and private key pair by importing the certificate and private key backup file. 
 

  1. In MMC, double-click Certificates (local computer). Right-click Personal and select All Tasks à Import.


     
  2. Complete the wizard to import the backup file of your certificate.

Note: When you browse for your .pfx certificate backup file, make sure that the file extension drop down menu is set to see Personal Information Exchange (.pfx, p12) or all file types (*.*).

 

  1. Enter the correct password for the file.
  2. Select to automatically place the certificate in the certificate store based on the type of certificate.
  3. Click Finish to close the wizard, and close the MMC console to complete the certificate import.



     

 

TN8174

Affected Products:

  • Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable