When you use Internet Information Services (IIS) 5.0, you may want to back up your server certificate(s). Windows 2000 makes this process easy using the new Certificates snap-in.
Use the following steps to create a new MMC and add the Certificates snap-in:
- Click Start , and then click Run.
- Type in "MMC.EXE" (without the quotation marks) and click OK.
- Click Console in the new MMC you created, and then click Add/Remove Snap-in.
- In the new window that appears, click Add.
- Highlight Certificates , and then click Add.
- Choose the Computer account option and click Next.
- Select Local Computer on the next screen, and then click OK.
- Click Close , and then click OK.
- Open the Certificates (Local Computer) snap-in you added in the last section, navigate to Personal, and then to Certificates.
- You will see your Web server certificate denoted by the CN (Common Name) found in the Subject field of the certificate (using Internet Explorer 5.0, you can easily view the certificate to see the Common Name if you are unsure).
- Right-click on the server certificate, select All Tasks, and then click Export.
- When the wizard starts, click Next. Choose to export the private key, and then click Next. NOTE: If you export the certificate for use on an IIS Web server, do not select Require Strong Encryption. This option causes a password prompt every time an application attempts to access the private key, and causes IIS to fail.
- The file format you will want to choose is the Personal Information Exchange (though you can select from several options). This will create a PFX file. Notice that you can export any certificates in the certification path by selecting the option on this screen. This is very handy if your certificate was issued by a non-trusted certificate authority (for example, Microsoft Certificate Server). Only choose delete the private key if the export is successful to be sure it is not left on the computer (for example if your migrating from one server to another).NOTE: If you do not select "Include all certificates in the certificate path if possible" and the issuer of the certificate is not trusted by your server, then you may notice that when the properties of the certificate are viewed, the "This certificate is issued to:" field may display "Windows does not have enough information about this certificate". This is by design and can be resolved by selecting "Include all certificates in the certificate path" while exporting the certificate.
- Click Next, and then choose a password to protect the PFX file. You will need to enter the same password twice to ensure that the password is typed correctly. When you have completed this step, click Next.
- Choose the file name you want to save this as. Do not include an extension in your file name; the wizard will automatically add the PFX extension for you.
- Click Next, and then read the summary. Pay special attention to where the file is being saved to. If you are sure the information is correct, choose Finish.
For additional information about troubleshooting SSL certificates, click the following article numbers to view the articles in the Microsoft Knowledge Base:
186796 Troubleshooting "invalid password" error using SSL certificates
254902 Invalid SSL certificates may be bypassed in Internet Explorer
296833 Windows may not be able to handle SSL certificates that contain odd-sized keys
For additional information about SSL certificates, click the following article number to view the article in the Microsoft Knowledge Base:
227888 Importing a key backup file to use in Internet Information Services 5.0For additional information about importing backed-up certificates, click the following article number to view the article in the Microsoft Knowledge Base:
232137 How to import a server certificate for use in Internet Information Services 5.0
Article ID: 232136 - Last Review: Jun 19, 2014 - Revision: 1