How to export certificates between Windows servers

How to export certificates between Windows servers

Transferring an SSL certificate from one Windows server to another involves exporting a PFX file from the server where the certificate is currently installed and importing it onto the destination server. Creating a PFX file is the sole method for moving the certificate along with its associated private key from a Windows server. Alongside the certificate and private key, a PFX file may also include intermediate certificates. This consolidates all certificate information (public and private keys) into a single, password-protected container.

Exporting a certificate from a Windows server can be accomplished either through Microsoft Management Console (MMC) or via IIS Manager if the certificate is already installed.

Export using MMC

1) ចុច Win + Rវាយបញ្ចូល mmc ។ ហើយចុច OK to open Microsoft Management console:

2) ចុច ឯកសារ in the Menu Bar and then select បន្ថែម/លុប Snap-in:

3) ជ្រើសរើស វិញ្ញាបនប័ត្រ ពីទំព័រ Available snap-ins ហើយចុច បន្ថែម:

២) ជ្រើសរើស Computer account:

5) ជ្រើសរើស Local Computer to manage the snap-in.

ចំណាំ: To see the certificates in the local computer store, you should be logged in as Administrator.

6) ចុច OK to add the selected snap-in to the console window:

7) Go to the Personal >> Certificates store, right-click on the certificate you want to export, and select All Tasks >> Export:

8) នៅពេលដែល Certificate Export Wizard opens, click បន្ទាប់ to proceed:

9) When prompted, select Yes, export the private key ហើយចុច បន្ទាប់:

ប្រសិនបើការ Yes, export the private key option is not clickable, this means that the private key for the certificate is not exportable or is absent from the machine, and you will not be able to export a PFX file.

This may happen when the CSR code was created on a different server and the private key is not present on the current machine, or if the imported certificate was initially uploaded without the private key. To solve the issue you will need to generate a new CSR code with an exportable private key and reissue your certificate.

10) In the Export File Format dialogue window select Personal Information Exchange – PKCS #12 (.PFX) as the format you want to use. You may also check the Include all certificates in the certification path if possible option to place all intermediate certificates into the PFX file. Once done, click បន្ទាប់:

11) Specify the password for the PFX file and click បន្ទាប់.

This password is very important. Please remember it; this password will be required when importing a PFX file on a new server.

12) Specify the location and name of the file where PFX will be exported. Click បន្ទាប់:

13) To complete the wizard, click the បញ្ចប់ button. The certificate along with the private key has been successfully exported to the PFX file:

Export using IIS

1) ទៅ។ Start >> Administrative Tools >> Internet Information Services (IIS) Manager.

2) Select the server on which the certificate is installed.

3) Choose the វិញ្ញាបនប័ត្រម៉ាស៊ីនមេ option on the central menu:

4) Right-click on the needed certificate and select ការនាំចេញ.

Only the certificates associated with private keys are shown in the list of server certificates in IIS Manager.

5) Specify the filename, location, and PFX export password and click OK:

A PFX file has now been exported and can be found in the specified location. Importing a certificate on a new server can be also performed by using either Microsoft Management Console or IIS Manager.

Import using MMC

1) Add the Certificates (Local Computer) snap-in to MMC by following the steps described above.

2) Once added, right-click on the Personal store >> All Tasks >> Import:

3) Certificate Import Wizard will be launched, press បន្ទាប់:

4) Using the រកមើល button choose the .pfx file that you want to import to your server, press បន្ទាប់:

5) Enter the PFX file password that was specified during the creation of the .pfx file.

អ្នកអាចជ្រើសរើស សម្គាល់សោនេះថាអាចនាំចេញបាន។ so that you can export the certificate with the private key from this server later. Then click បន្ទាប់:

6) In the next dialogue window, choose Automatically select the certificate store based on the type of certificate. This will allow MMC to place the certificates from the .pfx file in the corresponding folders if the file also contains intermediate certificates. Click បន្ទាប់:

7) ចុច បញ្ចប់. The certificate has been imported to the server and can be now assigned to the website:

Once the certificate is imported, please keep in mind that the ចង to a secured port has to be created for the website to use it.

1) To do this, select the គេហទំព័រ folder in the Connections panel on the left side of IIS Manager and click on the corresponding site. Then, in the សកម្មភាព panel on the right side, select Bindings….

2) ចុច បន្ថែម… នៅផ្នែកខាងស្តាំនៃ Site Bindings បង្អួច។

3) The next pop-up window will feature several fields that need to be modified:

  • ប្រភេទ – select “https” from the drop-down menu;
  • អាសយដ្ឋាន IP – choose the specific IP address or “All Unassigned”;
  • កំពង់ផែ – specify the port number for a secure connection. The default port number is 443;
  • ពួកគេផ្តល់វិញ្ញាបនបត្រ SSL – select the corresponding certificate, identified by the previously specified Friendly name.
  • Require Server Name Indication – please make sure to select this option in order for the server to use the proper certificate for the specific ឈ្មោះដែន name. Do not use the same SSL for all the sites hosted on the server.

4) ចុច OK to bind the certificate with the site. The new entry should appear in the Site Bindings បង្អួច។

ចំណាំ: Usually, there is no need to restart the server, so after the SSL certificate has been installed and the binding created, your site should become accessible via https:// in a browser.

To check if the certificate has been successfully installed, you can use នេះ ឧបករណ៍។

Import PFX using IIS Manager

1) Launch Internet Information Services Manager (Start >> Administrative Tools >> Internet Information Services (IIS) Manager), and choose the server the certificate should be imported to.

2) ចុចពីរដង វិញ្ញាបនប័ត្រម៉ាស៊ីនមេ in the central menu.

3) ចុចលើប៊ូតុង នាំចូល button in the right-hand menu:

4) Locate the PFX file on your machine and specify the password that was used when exporting the certificate. Optionally, you may check Allow this certificate to be exported។ បន្ទាប់មកសូមចុច OK:

Assigning a certificate to a website

Once the certificate has been imported by any of the methods described above, it will be shown in the list of server certificates in IIS Manager.

After that, please make sure to complete the ចង of the certificate to a specific website.

You can find more information on how to bind the certificate to a website in IIS in this installation guide.