Microsoft IIS 5/6 PFX Export/Import Explained
How to Import and Export your SSL Certificate in IIS
PFX Backup Tutorial for Microsoft IIS 5/6 Servers
The PFX extension is used on Windows servers for files containing both the public key files (your SSL certificate files, provided by DigiCert) and the associated private key (generated by your server at the time the CSR was generated).
Since both the public and private keys are needed for an SSL certificate to function, a PFX backup is always needed to transfer an SSL server security certificate from one server to another.
This tutorial explains how to back up your certificate from a working server, import the certificate to a second server, and then enable the certificate for use on the new server. If you have not yet installed the certificate files you received from DigiCert to the server that generated your CSR, please see our IIS 5/6 installation instructions.
Exporting/Backing up your certificate/Private Key (to .pfx file format)
1. From the Start menu, select "Run...". Type "mmc" and hit Enter.
2. Under the File menu choose Add/Remove Snap in.
3. Click Add, then from the Add Standalone Snap-in panel choose Certificates, and click Add.
4. Choose Computer Account and click Next, then choose Local Computer and click Finish.
5. Close the Add Standalone Snap-In window by clicking Close.
6. Close the Add/Remove Snap-in window by clicking Ok.
7. Click the + to Expand the Certificates (Local Computer) Console Tree
8. Look for the Personal directory/folder and expand Certificates.
9. Right Click on the Certificate you would like to backup and choose > ALL TASKS > Export
10. Follow the Certificate Export Wizard to backup your certificate to a .pfx file
11. Choose to 'Yes, export the private key'
12. Choose to include all certificates in certificate path if possible. (do NOT select the delete Private Key option)
13. Leave default settings > Enter Password (if required)
14. Choose to save file on a set location
15. Finish
16. You will receive a message > Export Successful
17. The .pfx file backup is now saved in the location you selected.
Importing your Certificate/Private Key (from .pfx file format)
1. From the Start menu, select "Run...". Type "mmc" and hit Enter.
2. Under the File menu choose Add/Remove Snap in.
3. Click Add, then from the Add Standalone Snap-in panel choose Certificates, and click Add.
4. Choose Computer Account and click Next, then choose Local Computer and click Finish.
5. Close the Add Standalone Snap-In window by clicking Close.
6. Close the Add/Remove Snap-in window by clicking Ok.
7. Click the + to Expand the Certificates (Local Computer) Console Tree
8. Right click on the Personal Certificates Store (folder)
9. Choose > ALL TASKS > Import
10. Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
11. Close the MMC console. In the case that you are prompted, it is not necessary to save the changes made to the MMC console.
Configuring Your Site - IIS 5/6
1. In your IIS manager, right-click on the site that you would like to use the certificate and select properties.
2. Click on the Directory Security Tab and hit the Server Certificate Button. This will start the server certificate wizard.
3. If given the option, Choose to 'Assign an existing certificate' to the site and choose the new certificate that you just imported.
If you do not have that option, you should be asked what you want to do with the current certificate on the site, choose the option to "replace" your current certificate.
4. Browse to the .pfx file that you created earlier.
5. Finish the certificate wizard.
Occassionally a server or IIS restart is required before your server will recognize the new certificate.
