+49 (0) 7245 919 581 info@eunetic.com
Login
  1. Home
  2. EuropeanSSL Knowledge Base
  3. EuropeanSSL Install
  4. How do I copy an SSL certificate from one Windows server to another Windows server?
europeanSSL
Knowledge Base

How do I copy an SSL certificate from one Windows server to another Windows server?

Copying an SSL certificate from one server to the other may be necessary if you operate several servers and want to use a WildCard certificate. The export of an SSL certificate is also very important if you change your hosting provider.

At this point, we assume that you have already successfully installed your SSL certificate on one of the Windows webservers. The following instructions explain in 3 sections how to copy or transfer the certificate to another server.

  • Export the SSL certificate together with Private Key and all intermediate certificates to a .PFX file.
  • Import the SSL Certificate and Private Key to the new server.
  • Configuration of the web page related to your SSL certificate.

This guide explains how to export an SSL certificate using the MMC console. If you are using a Windows Server 2008 (IIS7), you can export the certificate directly in the "Server Certificates" section of the IIS.

1
Exporting the Certificate from the Windows MMC Console
  1. Click "Run" in the Start menu.
  2. Enter "mmc" and click "Ok".
  3. Select "File" and then click "Add/Remove Snap-in...". If you are using Windows Server 2003, click on the "Add" button. Then double-click on "Certificates".
  4. Select the option "Computer Account" and click on "Next".
  5. Leave the default option "Local Computer" and click on "Finish". If you are using Windows Server 2003, click the "Close" button. Then click "OK".
  6. Now click on the plus button in the left menu next to "Certificates".
  7. Now click again on the plus button next to "Personal Folder" and then click on the "Certificates" folder. Right-click on the certificate you want to export. Then select "All Tasks" and then the option "Export...".
  8. In the Certificate Export Wizard, click "Next".
  9. Now select the option "Yes, export the private key" and click on "Next".
  10. In the section "Personal Information Exchange" please mark the option "Include all Certificates in the certificate path if possible".
  11. Now please create a password that you can remember well. This password is required every time you want to import the certificate on a different server.
  12. Click on "Browse" and select a location for the .pfx file. Choose a file name like "mydomain.pfx" and click on "Next".
  13. Click on "Finish".
  14. The .pfx file with your certificate and the PrivateKey is now stored in the folder you specified before.
2
Import a certificate via the Windows MMC console
  1. After you have successfully exported your certificate, please upload the created .pfx file to the new server.
  2. Click on "Run" in the Start menu.
  3. Type "mmc" and click OK.
  4. Click on the "File" menu and then on "Add/Remove Snap-in...". If you are using Windows Server 2003, click the "Add" button. Then double-click on "Certificates".
  5. Select the option "Computer Account" and click on "Next".
  6. Leave the default option "Local Computer" and click on "Finish". If you are using Windows Server 2003, click the "Close" button. Then click "OK".
  7. Right click on the folder "Personal", select the option "All Tasks" and then "Import...".
  8. In the Certificate Import Wizard please click on "Next".
  9. Now click on the "Browse..." button. button and change the file type from "x.509..." to "Personal Information exchange (*.pfx, *.p12).
  10. Now search for the imported .PFX file and click on "Open", then on "Next".
  11. Please enter the previously created password for your .pfx file here. Make sure to activate the option "Mark this key as exportable". This ensures that you can export the certificate from this server again. Then click on "Next".
  12. In the next window please mark the option "Automatically select the certificate store based on the type of certificate" and click on "Next".
  13. Click on "Finish" to complete the Import Wizard.
  14. You can now click the "Resfresh" button in the toolbar, then you will see the certificate in the folder Personal / Certificates.
  15. You can check your installation by double-clicking on the certificate and looking for the entry "You have a private key that corresponds to this certificate" at the bottom of the page.
  16. Close the MMC console. A further saving is not necessary.
3
Assign the imported SSL certificate

After you have successfully imported the .pfx file, it must still be assigned in IIS.

  1. In IIS, call the host name to which you want to assign the certificate.
  2. Go to the tab "Diretory Security" and click on the button "Server Certificate" to start the Server Certificate Wizard.
  3. If you have already set up a certificate for this hostname, you must first remove it and restart the wizard.
  4. Now click on "Assign an existing Certificate" and then on "Next".
  5. Select the imported certificate and click "Next".
  6. Click on "Finish". It may be necessary to restart the server to make the certificate work for the hostname.


In case you experienced any problem or have any question about the process, please do not hesitate to contact our support.

Back to the index...
Was this article helpful?
No Yes
We use cookies for the technical functionality of this website. With your consent, we also collect page views and other statistical data in anonymized form.

Only required
Accept all
Select individually
Cookie Settings
Read Privacy Statement