Install a PFX file on IIS 5 or 6
Follow this procedure to install a pfx file. This file can be generated for a server migration or during the creation of a backup file.NB: This procedure can also be applied to PKCS#12 files (.p12 extension) containing your certificate, its private key and the certification chain. .pfx and .p12 extensions are used for the same kind of files.
1- Launch the MMC
Direct link to launch the certificates manager:click on Start, on execute, enter certmgr.mmc then click OK.
Or use the following procedure:
- Click on Start then select Run and enter mmc
- Click on the File menu and select Add/Remove Snap in
- Choose Add, select Certificates in the Standalone Snap-in list then click Add
- Choose Computer Account and click on Next
- Choose Local Computer and click on Finish
- Close the window and click OK on the previous window
2- Import the PFX file
- Go to the personal certificates repertory
- Right click on it and select All tasks > Import
- Look for your .pfx via the wizard
- Enter the .pfx password
- Check Mark cert as exportable
- Select Automatically place the certificates in the certificate stores based on the type of the certificate
- Click Finish
- Close the MMC
3 - Link the certificate in IIS 5 or 6
- On the Start menu, click Administrative Tools.
- Go to "Internet Information Services (IIS) Manager"
- Right click on the website and select Properties.
- Open the Directory Security tab.
- Click Server Certificate. The wizard opens.
- Choose the "Replace your current certificate" option and click Next.
- Select the new certificate among the list (see the expiration date). click Next.
- Read the recap and click Next.
- It's done! Your website now uses the new certificate.
4- Run a test
Check the access of your website's secured pages with IE 6 and Firefox. IE 7 and Firefox 3 may display an error message to tell you the site names are not matching, as you are running a local test.Common issues on Windows:
"revocation check failed"
This issue is caused by the server which wants to check the CRL when importing the certificates. If its modul, that uses WinHTTP, cannot access internet, the operation fails.Troubleshooting: See our FAQ about OCSP protocol support
Conversions and platforms changement:
- Import a pfx (or pkcs12) in IIS7
- Install intermediate or root certificates manually
- Convert a #PKCS12 (PFX) into a JKS (Apache/Microsoft to Tomcat)
- Convert a #PKCS12 (PFX) into a PEM (Mircosoft, Firewall, ... to Apache)
- I used Keybot during the order process (.pkey file downloaded): How to get a PFX?
Last edited on 05/14/2020 14:12:44 --- [search]