Create a backup file of your IIS5, IIS6 or IIS7 certificate and of its private key
Thawte Standard or Wildcard users: before exporting, make sure the Thawte PCA certificate that expires in 2036 does not exist or has been deactivated: Desable Thawte PCA root (2036)VeriSign users: before exporting, make sure the certificate VeriSign Class 3 Public Primary Certification Authority - G5 that expires in 2036 does not exist or has been deactivated:Deactivate VeriSign Class 3 Public Primary Certification Authority - G5 (2036) root
Sectigo users: before exporting, make sure the certificate COMODO RSA Certification Authority that expires in 2038 does not exist or has been deactivated: Deactivate COMODO RSA Certification Authority (2038) root
Exportation of the certificate from IIS5 or IIS6 (not IIS7)
In order to save your certificate elsewhere than on this server (backup file):- In the start menu, select "Administrative Tool" .
- launch IIS Manager
- Open the properties window of the concerned website. To do so right click on it or select Properties in the menu
- Open the "Directory Security" tab
- Click "View Certificate" . A window opens
- Click the Details tab
- Click "copy in a file". A wizard is launched.
- Follow the instructions to create a .pfx file
- choose to export the private key
- then on the next page
- tick "enable strong protection" (do not tick the box if the certificate is not to be imported on IIS)
- include the certification chain
("Include all certificates in certificate path if possible") - DO NOT delete the private key
- Provide a cypherment password for this file
- Store the .pfx file and its password in a safe place.
.PFX (PKCS12 format) exportation for every IIS versions
This .pfx can then be imported in an other server Microsoft IIS 5, 6, or IIS 7 server or in Microsoft ISA, orMicrosoft Exchange. It make the certificate move possible.You can also convert your pfx certificate into a PEM or JKS (Java, Tomcat, ...)
Export the certificate without using IIS (ISA, Exchange, ...): Launch the MMC
- Click Start then select Run and type mmc
- Clck on the File menu and select Add/Remove Snap in
- Choose Add, select Certificates in the Standalone Snap-in list then click Add
- Choose Computer Account and click Next
- Tick Local Computer and click Finish
- Close the window and click OK in the previous window
IN "certificates" >> "personal", select your certificate and right-click on it, "all tasks", "export"
- choose to export the private key
- then on the next page
- tick "enable strong protection" (do not tick the box if the certificate is not to be import on IIS)
- include the certification chain
("Include all certificates in certificate path if possible") - DO NOT delete the private key
Last edited on 12/31/2019 09:43:16 --- [search]