This article has been archived. It is offered "as is" and will no longer be updated.
After you install Internet Information Services (IIS) 5.0, you may want toimport a backup key file from an older version of IIS. This allowsyou to use the SSL capabilities on your new server (and replace the oldone).
Note If you are upgrading the server to IIS 5.0, this should be done foryou automatically. You will not need to export or import the private or publickey pair from the older server. It is always recommended, however, thatyou keep a backup for emergency purposes. For more information about backing up your key pairs, click the following article number to view the article in the Microsoft Knowledge Base:
185195 How to use key and certificate backup/restore utility
Before you go through this process, be sure that the common name (CN) ofthe computers is the same. In other words, if your user will be typingin https://www.widgets.microsoft.com (as an example), the common name onthe certificate needs to reflect this (in other words, it would bewww.widgets.microsoft.com). Typically, this should be the same name thatthe DNS server resolves as you server.
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. All of the default security-related configuration settings in IIS 6.0 meet or exceed the security configuration settings made by the IIS Lockdown tool. Therefore, you do not need to run this tool on Web servers that are running IIS 6.0. However, if you are upgrading from a previous version of IIS, you should run the IIS Lockdown Tool before the upgrade to enhance the security of your Web server.
To import a key file from another server, follow thesesteps:
Open the Internet Services Manager.
Select the Web site that you want to enable SSL on.
Open the properties of that Web site and click the DirectorySecurity tab.
Under the Secure Communications section, click ServerCertificate to open the new Web Site Certificate Wizard.
Click Next, and then choose the Import acertificate from a key manager backup file option.
Input the location of your backup *.key file.
Enter the password that you set when you made the backupand click Next.
Double-check the summary data to be sure thisis the proper key you want to import.
You can now use SSL on the new Web server using the key pairs thatyou backed up from the old server. Be sure to secure the old key file so no one has access.