Export a Server Certificate
Applies To: Windows Server 2003, Windows Server 2003 with SP1
Web server certificates contain information about the server that allows the client to positively identify the server over a network before sharing sensitive information, in a process called authentication. Secure Sockets Layer (SSL) uses these certificates for authentication, and uses encryption for message integrity and confidentiality. SSL is a public key–based security protocol that is used by Internet services and clients to authenticate each other and to establish message integrity and confidentiality.
If you use SSL to protect confidential information exchanged between the Web server and the client, you must migrate or export the certificates and the associated private keys from the source server to the target server.
Requirements
Credentials: Membership in the Administrators group on the local computer.
Tools: Iis.msc.
Recommendation
As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type **runas /user:**administrative_accountname **"mmc %systemroot%\system32\inetsrv\iis.msc"**.
Procedures
To export a server certificate
In the Run dialog box, type mmc, and then click OK. The Microsoft Management Console (MMC) appears.
If you do not have Certificate Manager installed in MMC, you need to install it.
For more information on how to add the Certificates snap-in to an MMC console, see the procedure "To add the Certificates Snap-in to MMC" in "Install a Server Certificate" in this appendix.
In the console tree, click the logical store where the certificate you want to export exists. Usually this is in the Certificates folder in the Personal directory under Certificates (Local Computer) on the Console Root.
Right-click the certificate you want to export, click All Tasks, and click Export to start the Certificate Export Wizard.
Click Next.
On Export Private Key, click Yes to export the private key.
Important
You must export the private key along with your certificate for it to be valid on your target server. Otherwise, you will have to request a new certificate for the target server.
In the Export File Format dialog box, click the format you want for the certificate. If the certificate has already been formatted, that format is selected as the default. Click Next.
Do not select Delete the private key if export is successful, because this will disable the SSL site that corresponds to that private key.
Continue to follow steps in the wizard, and enter a password for the certificate backup file when prompted. Using a strong password is highly recommended because it ensures that the private key is well protected.
Type the name of the file you want to export, or click Browse to search for the file. Click Next.
Click Finish to complete the Certificate Export Wizard.
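A check to run on the exported file before it is copied to the target server, added here as an example and not part of the original procedure. It assumes Windows PowerShell 2.0 or later is installed; the file path is a hypothetical placeholder. It confirms that the file opens with the password, that the private key was exported, and that the certificate is still valid for server authentication.

```powershell
# Added example: verify an exported certificate backup file (.pfx).
# Assumption: the default path below is hypothetical; pass your own export file.
param([string]$PfxPath = 'C:\Temp\webserver-export.pfx')

$x509  = 'System.Security.Cryptography.X509Certificates'
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet

# Read the export password without echoing it or placing it on the command line.
$password = Read-Host -Prompt 'Password for the exported file' -AsSecureString

try {
    $cert = New-Object -TypeName "$x509.X509Certificate2" `
        -ArgumentList $PfxPath, $password, $flags -ErrorAction Stop
} catch {
    Write-Error "Cannot open $PfxPath (wrong password or not a PKCS #12 file): $_"
    exit 1
}

$problems = @()

# The target server cannot use the certificate for SSL without the private key.
if (-not $cert.HasPrivateKey) {
    $problems += 'No private key in the file. Re-export and click Yes on Export Private Key.'
}

# An expired or not-yet-valid certificate will be rejected by clients.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# If an Enhanced Key Usage extension (OID 2.5.29.37) is present,
# it must list Server Authentication (OID 1.3.6.1.5.5.7.3.1).
$ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
if ($ekuExt) {
    $eku = New-Object -TypeName "$x509.X509EnhancedKeyUsageExtension" `
        -ArgumentList $ekuExt, $ekuExt.Critical
    $usages = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    if ($usages -notcontains '1.3.6.1.5.5.7.3.1') {
        $problems += 'Enhanced Key Usage does not include Server Authentication.'
    }
}

"Subject    : $($cert.Subject)"
"Thumbprint : $($cert.Thumbprint)"   # compare with the certificate on the source server
"Expires    : $($cert.NotAfter)"
if ($problems.Count -eq 0) { 'OK: certificate and private key are present and usable.' }
else { $problems | ForEach-Object { "PROBLEM: $_" } }

$cert.Reset()   # release the certificate handle
```

The thumbprint printed here should match the thumbprint shown on the Details tab of the certificate on the source server.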