February 2014

Gavin Pickin

Exporting SSL Certificates from IIS 6 on Windows into .pfx files

OpenSSL, Server Admin

Working with Windows and IIS, you might come across the time when you want to move an SSL Certificate from one server, to another server, and you wonder how you can do this without starting a new request, and go through the whole process again. If you have the .cert .crt or .cer file, you can try and import it into IIS, but you'll realize, you need the CSR generated from the new IIS server, for the .cert .cer .crt file to match it, so you'll have to export the SSL cert to a .pfx. This makes moving SSL Certs from IIS Server to IIS server, but it also allows you to take the SSL and move it to an Apache httpd server using Openssl. This little guide will walk you through creating the .pfx file, preparing for importing it into your new Web Server, whatever you decide to use.

I assume you know what IIS is, how to open it, and how to view a website's properties. If you do not know how to do that, go use GOOGLE and come back once you get that far :)

So in the IIS display, view the list of sites, and right click > Properties.
Click on the Directory Security tab like the image below, and then click Server Certificate.


This will pull up the Web Server Certificate Wizard... here you can Add, Remove, Export etc. Click next to proceed.


We want to select the 4th option, Export the current certificate to a pfx file. 


Select the location where you'd like to save the pfx certificate file... make sure you name it something useful, and somewhere you can download or ftp the file to the server you're migrating the SSL Certificate to.


When creating a .pfx file, you need to supply a password. Make sure you remember this, you will need it later to import the SSL Cert, or extract Keys and Certs from the file (as we will when we move to Apache Httpd server with openssl)


Once you enter a password, you will see a summary of the Cert Details. Click next to complete the process.


Congrats, you have exported the file. Now you can ftp or download the file onto the machine you wish to migrate to.


Thanks for reading,


Blog Search