PFX Export/Import Explained IIS7

PFX Export/Import Explained

How to Import and Export your SSL Certificate in IIS 7

PFX Backup Tutorial for Microsoft IIS 7 Servers
The PFX extension is used on Windows servers for files containing both the public key files (your SSL certificate files, provided by DigiCert) and the associated private key (generated by your server at the time the CSR was generated).
Since both the public and private keys are needed for an SSL certificate to function, a PFX backup is always needed to transfer an SSL server security certificate from one server to another.
This tutorial explains how to back up your certificate from a working server, import the certificate to a second server, and then enable the certificate for use on the new server. If you have not yet installed the certificate files you received from DigiCert to the server that generated your CSR, please see our IIS 7 installation instructions.
Exporting/Backing up your certificate/Private Key (to .pfx file format)

1. Start > Run
2. Type in MMC and click OK
3. Go into the File Tab > select Add/Remove Snap-in
4. Click on Certificates and click on Add.
5. Select Computer Account > Click Next
6. Select Local Computer > Click Finish
7. Click OK to close the Add/Remove Snap-in window.
8. Double click on Certificates (Local Computer) in the center window.
9. Double click on the Personal folder, and then on Certificates.
10. Right Click on the Certificate you would like to backup and choose > ALL TASKS > Export
11. Follow the Certificate Export Wizard to backup your certificate to a .pfx file.
12. Choose to 'Yes, export the private key'
13. Choose to "Include all certificates in certificate path if possible." (do NOT select the delete Private Key option)
14. Enter a password you will remember
15. Choose to save file on a set location
16. Finish
17. You will receive a message > "The export was successful." > Click OK
18. The .pfx file backup is now saved in the location you selected.

Importing your Certificate/Private Key (from .pfx file format)

1. Start > Run
2. Type in MMC and click OK
3. Go into the File Tab > select Add/Remove Snap-in
4. Click on Certificates and click on Add.
5. Select Computer Account > Click Next
6. Select Local Computer > Click Finish
7. Click OK to close the Add/Remove Snap-in window.
8. Double click on Certificates (Local Computer) in the center window.
9. Right click on the Personal Certificates Store (folder)
10. Choose > ALL TASKS > Import
11. Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file. You will need to browse for .pfx files.
12. Enter the password that was used when exporting the certificate to a .pfx file.
13. If desired, check the box to "Mark this key as exportable."
14. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
15. Click Finish to close the certificate wizard.
16. Close the MMC console. In the case that you are prompted, it is not necessary to save the changes made to the MMC console.

Configuring Your Site - IIS 7

1. Click on Start, then Administrative Tools, then Internet Information Services (IIS) Manager.
2. Click on the server name.
3. Expand the Sites folder.
4. Select the site to be secured (usually the default web site).
5. From the "Actions" menu (on the right), click on "Bindings..." under Edit Site.
   
6. In the "Site Bindings" window, click "Add..." This will open the "Add Site Binding" window.
   
7. Under "Type" choose https. The IP address should be the IP address of the site or All Unassigned, and the port over which traffic will be secured by SSL is usually 443. The "SSL Certificate" field should specify the certificate that was installed during the import process described above.
   
8. Click "OK."
   
9. Your SSL certificate is now installed, and the website configured to accept secure connections.

Occassionally a server or IIS restart is required before your server will recognize the new certificate.