12.11. Backing Up SSL Certificates
You want to back up your server certificate and its associated private key.
Using a graphical user interface
From the Start menu, select Run, type
mmcand click OK to open a new MMC console.
Select File → Add/Remove snap-in, click Add, click Certificates, and click Add.
Select Computer Account and click Next.
Select Local computer (the computer this console is running on) and click Finish.
Click Close and then OK.
In the left pane, expand Certificates (Local Computer) → Personal → Certificates.
Right-click on the previously installed certificate and select All Tasks → Export to start the Certificate Export Wizard and click Next.
Select Yes, export the private key, and click Next.
Select DER encoded binary X.509 (CER) but do not select Delete the private key if export is successful and click Next.
Specify a name and path for the export file such as C:\Certback\back.cer, click Next, and then Finish.
Note that you can also choose to export the certificate to a shared folder on a remote server, which may be a better option if you want to centralize certificate backups for multiple web servers.
Using a command-line interface
Using the IISCertDeploy.vbs command script included in the IIS 6 Resource Kit
Tools, the following command backs up a server certificate
previously installed on a web site that has ID number
> iiscertdeploy -e C:\Certback\back.pfx -p
Note that the certificate is backed up as a password-protected ...