Create a backup file of your IIS5, IIS6 or IIS7 certificate and of its private key

Thawte Standard or Wildcard users: before exporting, make sure the Thawte PCA certificate that expires in 2036 does not exist or has been deactivated: Desable Thawte PCA root (2036)

VeriSign users: before exporting, make sure the certificate VeriSign Class 3 Public Primary Certification Authority - G5 that expires in 2036 does not exist or has been deactivated:Deactivate VeriSign Class 3 Public Primary Certification Authority - G5 (2036) root

Sectigo users: before exporting, make sure the certificate COMODO RSA Certification Authority that expires in 2038 does not exist or has been deactivated: Deactivate COMODO RSA Certification Authority (2038) root

Exportation of the certificate from IIS5 or IIS6 (not IIS7)

In order to save your certificate elsewhere than on this server (backup file):

• In the start menu, select "Administrative Tool" .
• launch IIS Manager
• Open the properties window of the concerned website. To do so right click on it or select Properties in the menu
• Open the "Directory Security" tab  
• Click "View Certificate" . A window opens
• Click the Details tab 
• Click "copy in a file". A wizard is launched.
• Follow the instructions to create a .pfx file



• choose to export the private key
• then on the next page
• tick "enable strong protection" (do not tick the box if the certificate is not to be imported on IIS)
• include the certification chain
  ("Include all certificates in certificate path if possible")
• DO NOT delete the private key


• Provide a cypherment password for this file
• Store the .pfx file and its password in a safe place.

.PFX (PKCS12 format) exportation for every IIS versions

This .pfx can then be imported in an other server Microsoft IIS 5, 6, or IIS 7 server or in Microsoft ISA, orMicrosoft Exchange. It make the certificate move possible.

You can also convert your pfx certificate into a PEM or JKS (Java, Tomcat, ...) 

Export the certificate without using IIS (ISA, Exchange, ...): Launch the MMC

• Click  Start then select   Run and type mmc





• Clck on the  File menu and select   Add/Remove Snap in





• Choose   Add, select   Certificates in the   Standalone Snap-in list then click   Add





• Choose   Computer Account and click   Next





• Tick   Local Computer and click   Finish





• Close the window and click OK in the previous window

IN "certificates" >> "personal", select your certificate and right-click on it, "all tasks", "export"

• choose to export the private key
• then on the next page
• tick "enable strong protection" (do not tick the box if the certificate is not to be import on IIS)
• include the certification chain
  ("Include all certificates in certificate path if possible")
• DO NOT delete the private key

provide a cypherment password for this file

Store the .pfx file in a safe place with its password.