How to Import and Export SSL Certificates with IIS 8 and IIS 8.5
Exporting/Backing Up to a .pfx FileBefore you can export your SSL Certificate as a .pfx file, you must first install the SSL Certificate files that you received on the server that generated your CSR.
- From the Start screen, type and then click Run.
- In the Run window, in the Open box, type mmc and then, click OK.
- In the User Account Control window, click Yes to allow the Microsoft Management Console to make changes to the computer.
- In the Console window, in the menu at the top, click File > Add/Remove Snap-in.
- In the Add or Remove Snap-ins window, under Available snap-ins (left side), click Certificates and then, click Add.
- In the Certificates snap-in window, select Computer account and then, click Next.
- In the Select Computer window, select Local computer: (computer this console is running on), and then, click Finish.
- In the Add or Remove Snap-ins window, click OK.
- In the Console window, in the Console Root section, expand Certificates (Local Computer), expand the folder that contains the certificate that you want to export/back up, and then, click the associated Certificates folder.
Note: Your certificate will be in either the Personal or the Web Hosting folder.
- In the center section, right-click on the certificate that you want to export/back up and then, click All Tasks > Export to open the Certificate Export Wizard.
- On the Welcome to the Certificate Export Wizard page, click Next.
- On the Export Private Key page, select Yes, export the private key, and then, click Next.
- On the Export File Format page, select Personal Information Exchange, check Include all certificates in the certification path if possible, and then, click Next.
Warning: Do not select Delete the private key if the export is successful.
- On the Security page, check Password, enter and confirm your password, and then, click Next.
- On the File to Export page, browse to and select the file that you want to export/back up and then, click Next.
Make sure to note the filename and the location where you saved your file.
If you only enter the filename without selecting a location, your file is saved to the following location: C:\Windows\System32. - On the Completing the Certificate Export Wizard page, verify that the settings are correct and then, click Finish.
- You should receive "The export was successful" message.
The .pfx file is now saved to the location that you selected.
Importing From a .pfx File- From the Start screen, type and then click Run.
- In the Run window, in the Open box, type mmc and click OK.
- In the User Account Control window, click Yes to allow the Microsoft Management Console to make changes to the computer.
- In the Console window, in the menu at the top, click File > Add/Remove Snap-in.
- In the Add or Remove Snap-ins window, under Available snap-ins (left side), click Certificates and then, click Add.
- In the Certificates snap-in window, select Computer account and then, click Next.
- In the Select Computer window, select Local computer: (computer this console is running on) and then, click Finish.
- In the Add or Remove Snap-ins window, click OK.
- In the Console window, in the Console Root section, expand Certificates (Local Computer).
- Right-click on the Personal folder and then, click All Tasks > Import to open the Certificate Import Wizard.
- On the Welcome to the Certificate Import Wizard page, click Next.
- Follow the instructions in the certificate import wizard to import your primary certificate from the .pfx file.
Note: On the Certificate Store page, select Automatically select the certificate store based on the type of certificate.
- On the Completing the Certificate Import Wizard page, verify your settings and then, click Finish.
- You should receive “The import was successful” message.
- After you import the SSL Certificate .pfx file, you need to enable the new certificate on the server.
Enabling a New Certificate on a Server (Does Not Have Binding for https)- From the Start screen, type and click Internet Information Services (IIS) Manager
- In Internet Information Services (IIS) Manager, under Connections, expand your server’s name, expand Sites, and then, click the site that you want to secure (usually the default website).
- In the Actions menu, under Edit Site, click Bindings.
- In the Site Bindings window, click Add.
- In the Add Site Binding window, enter the following information:
| Type: | In the drop-down list, select https. |
| IP address: | In the drop-down list, select All Unassigned. |
| Port: | Enter 443. The port for SSL traffic is usually port 443. |
| SSL certificate: | In the drop-down list, select your recently imported SSL Certificate by its friendly name. |
- Click OK. Your SSL Certificate is now installed and the website is configured to accept secure connections.
Note: You may have to restart IIS or the server for it to recognize the new certificate.
Enabling a New Certificate on a Server (Has Binding for https)- From the Start screen, type and click Internet Information Services (IIS) Manager
- In Internet Information Services (IIS) Manager, under Connections, expand your server’s name, expand Sites, and then, click the site that you want to secure (usually the default website).
- In the Actions menu, under Edit Site, click Bindings.
- In the Site Bindings window, select binding for https, and then click Edit.
- In the Edit Site Binding window, enter the following information:
| IP address: | In the drop-down list, select All Unassigned. If your server has multiple IP addresses, select the one that applies. |
| Host name: | If you are using Server Name Indication, enter the hostname that you are securing. |
| Require Server Name Indication | If you are using Server Name Indication, check this check box. |
| SSL certificate: | In the drop-down list, select your recently imported SSL Certificate by its friendly name. |
- Click OK.
Your SSL Certificate is now installed, and the website is configured to accept secure connections.
Note: You may have to restart IIS or the server for it to recognize the new certificate.
