Skip to main content

How do I back up and restore SSL certificate and its associated private key in IIS 7?

User-added image

How do I back up and restore my SSL certificate and its associated private key in Microsoft IIS 7?

Skip to steps

NOTE : These instructions apply to the following server types:
Microsoft IIS 7
Microsoft Exchange 2007 (Windows Server 2008)
Microsoft Exchange 2010
Microsoft Office Communications Server 2010


It is highly recommended that you back up your server certificate in a secure location. This will allow you to re-import your certificate and private key in case the original becomes corrupted.

This process is in three parts:
1) Open Microsoft Management Console (MMC)
2) Backing up your server certificate and private key
3) Restoring the server certificate and private key

Part 1 of 3: Open Microsoft Management Console (MMC)

1. Go to Start > Run

2. Enter MMC and click OK.

3.
Select File > Add/Remove Snap-in .

4. Click Certificates and click Add.

5. Select Computer Account , and click Next .



6. Select Local Computer and click Finish .



7. Click OK to close the Snap-ins window.


Part 2 of 3: Backing up your server certificate and private key

1. In MMC , double-click Certificates (local computer) .

Double-click Personal .

Double-click Certificates .

2. Right-click on the certificate you need to backup and select All Tasks > Export to open up the wizard. Complete the wizard to create a .pfx file. This .pfx file is the backup file for the certificate and the private key associated with it

3. Select Yes, export the private key .

Note : If the option to export the private key is grayed out, then the private key is either missing from the server or was set to be un-exportable. In either scenario, you will not be able to back up your certificate and private key pair.

4. Select Include all certificates in the certificate path if possible .

5. Enter a password to protect the .pfx file.

6. Select the location where you wish to save the file.

The generated .pfx file is your certificate and private key backup.

Make sure that you store the file in a secure place.

Write down the file password and store it in a safe and secure place. This password is your only way to access the backed-up certificate and private key.


Part 3 of 3: Restoring the server certificate and private key

You restore your server certificate and private key pair by importing the certificate and private key backup file.

1. In MMC , double-click Certificates (local computer) . Right-click Personal and select All Tasks > Import.

2. Complete the wizard to import the backup file of your certificate.

Note : When you browse for your .pfx certificate backup file, make sure that the file extension drop down menu is set to see Personal Information Exchange (.pfx, p12) or all file types (*.*).

3. Enter the correct password for the file.

4. Select to automatically place the certificate in the certificate store based on the type of certificate.

5. Click Finish to close the wizard, and close the MMC console to complete the certificate import.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Country Number
Australia 0011 - 800-3687-7863
1-800-767-513
Austria 00 - 800-3687-7863
Belgium 00 - 800-3687-7863
Denmark 00 - 800-3687-7863
Finland 990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France 00 - 800-3687-7863
Germany 00 - 800-3687-7863
Hong Kong 001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland 00 - 800-3687-7863
Israel 014 - 800-3687-7863
Italy 00 - 800-3687-7863
Japan 001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea 001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia 00 - 800-3687-7863
Netherlands 00 - 800-3687-7863
New Zealand 00 - 800-3687-7863
0800-4413101
Norway 00 - 800-3687-7863
Singapore 001 - 800-3687-7863
Spain 00 - 800-3687-7863
Sweden 00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland 00 - 800-3687-7863
Taiwan 00 - 800-3687-7863
United Kingdom 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088