Steps to Import and Export SSL (PFX) file in IIS
SSL stands for Secure Socket Layer and establishes an encrypted connection between two computers across the internet. A digital certificate contains information that identifies an organization or individual and allows them to secure a website by encrypting data sent to and from it.
When configuring an SSL connection in IIS, you must import or export SSL certificate (PFX file) from the server.
To ensure your SSL certificate’s functioning, public and private keys must be preserved. Conveniently, Windows servers store these two files in a single PFX format. If you wish to transfer an SSL security certificate from one machine to another, you must create a .pfx file backup.
This guide will walk you through the process of how to export SSL certificates (PFX file) from IIS and how to import them into IIS.
Why Do You Need to Import or Export an SSL File?
There are two main reasons why you may need to import or export an SSL file:
- If you need to move your SSL certificate from one server to another, such as when upgrading hardware.
- If you’re troubleshooting a website issue and need to be able to quickly “turn off” the certificate without affecting other settings.
When upgrading the hardware, it is essential to export the certificate and its associated private key from the server before you begin. If something goes wrong during the process, you can import it back onto the old server without any downtime.
If you are troubleshooting a website issue and need to quickly turn off or disable your SSL certificate without affecting other settings, exporting and importing an SSL file is also a great option. It allows you to quickly toggle between different security configurations without making any permanent changes.
How to Export and Save an SSL Certificate in IIS?
- Begin by typing MMC into the Start menu and click OK.
- To enable the requested changes, simply select ‘Yes’ when prompted in the User Account Control window!
- To access the Add/Remove Snap-in feature, open the Console window and select File from the top menu.
- In the Add or Remove Snap-ins window, locate Certificates under Available snap-ins and click “Add” to get started.
- Head over to the Certificates snap-in window and select Computer account. Then, click Next to continue on through the process.
- In the Select Computer window, choose your current computer by selecting “Local computer” and click on Finish. Voila! You’re done!
- To finish the process, click ‘OK’ in the Add or Remove Snap-ins window.
- Launch your Console window to find the certificate file and navigate to the Console Root folder. After opening Certificates (Local Computer), it will be in either the Personal or Web Hosting folder.
- To export the desired certificate file, simply right-click it and select ‘All Tasks’ > ‘Exports.’
- Advance to the next page in the Certificate Export Wizard by clicking “Next” on the Welcome page.
- On the Export Private Key page, check Yes to export the private key and then click Next.
- While on the Export File Format page, select Personal Information Exchange. Check ‘Include all certificates in the certification path if possible‘ before clicking Next to continue.
- In the security field, input a secure password and click ‘Next’ to proceed.
- Navigate to the folder where you want to save your exported certificate and click “Next” for further instructions.
- Verify that your settings are accurate on the Completing the Certificate Export Wizard page and then click Finish to complete the process.
How to Import an Existing SSL Certificate in IIS?
- To launch the Microsoft Management Console, go to your Start menu, type MMC and click OK.
- To confirm, click ‘Yes’ in the User Account Control window.
- To add or remove snap-ins in the Console window, navigate to File at the top of your menu and select Add/Remove Snap-in.
- To obtain your Certificate snap-in, go to the Add or Remove Snap-ins window and locate it in the Available snap-ins section. Then simply click ‘Add‘ so that you can easily access it!
- To begin, open the Certificates snap-in window and select your computer account. Then click ‘Next’ to continue!
- To complete the process, select the “Local computer” option in the Select Computer window and hit “Finish“.
- Click “OK” in the Add or Remove Snap-ins window to confirm your changes.
- You can locate your certificate file in either the Personal or Web Hosting directory by navigating to the Console and expanding the Certificates (Local Computer) folder.
- To import a certificate, simply right-click the file and select “All Tasks > Import” from the options.
- Click “Next” on the Welcome to the Certificate Import Wizard page to advance to the next step.
- To import your primary SSL certificate from the PFX file, follow the instructions!
- At the Certificate Store page, opt for “Automatically select the certificate store based on the type of certificate” to ensure ease and accuracy.
- Carefully inspect your settings and then hit Finish for completion.
Troubleshooting Tips
- If your certificate is not in the list, try different browsers. Ensure all server settings are configured correctly and that you’re using a valid IP address for the domain. Additionally, enable TLS 1.2 protocol on IIS and restart the web server.
- If you experience any issues when exporting or importing your certificate, compare the data with other certificates to determine if something went wrong during transmission. If it’s still not working properly, contact your SSL certificate provider for further assistance!
- Finally, don’t forget to back up your certificate file before making any changes! This way, you’ll have an extra copy of your information just in case something goes wrong while installing/upgrading/migrating/uninstalling. This can help save you from a world of headaches in the future.
Conclusion
Exporting and importing SSL certificates in IIS can be a complicated process – but with the correct information and tools, it doesn’t have to be! Following the steps outlined above, you can easily export and import your certificate files without hassle.