12.11. Backing Up SSL Certificates

Problem

You want to back up your server certificate and its associated private key.

Solution

Using a graphical user interface

  1. From the Start menu, select Run, type mmc and click OK to open a new MMC console.

  2. Select File Add/Remove snap-in, click Add, click Certificates, and click Add.

  3. Select Computer Account and click Next.

  4. Select Local computer (the computer this console is running on) and click Finish.

  5. Click Close and then OK.

  6. In the left pane, expand Certificates (Local Computer) Personal Certificates.

  7. Right-click on the previously installed certificate and select All Tasks Export to start the Certificate Export Wizard and click Next.

  8. Select Yes, export the private key, and click Next.

  9. Select DER encoded binary X.509 (CER) but do not select Delete the private key if export is successful and click Next.

  10. Specify a name and path for the export file such as C:\Certback\back.cer, click Next, and then Finish.

Note that you can also choose to export the certificate to a shared folder on a remote server, which may be a better option if you want to centralize certificate backups for multiple web servers.

Using a command-line interface

Using the IISCertDeploy.vbs command script included in the IIS 6 Resource Kit Tools, the following command backs up a server certificate previously installed on a web site that has ID number 1005026399:

> iiscertdeploy -e C:\Certback\back.pfx -p <password> -i w3svc/1005026399

Note that the certificate is backed up as a password-protected ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.