This article was previously published under Q232154
Using the Certificates snap-in in Microsoft Windows 2000 and later, you can do many tasks regarding certificates and certificate management. One of these tasks is exporting server certificates for use in an Internet Information Services (IIS) versions 5.0 and later Web server. In order for a server certificate to be used by the web server, you must export the private key along with the certificate. Without the private key, data encryption (and therefore secure communications) is not possible.
When exporting the server certificate from the server's personal certificate store, you may not have the option to export the private key. If this is the case, when the certificate was imported, the option to allow the private key to be exported may have been unchecked. This is a security measure to prevent a possible compromise of the server's private key. Since this could be a potential security risk, the option to mark the private key as exportable is not checked by default.
In order to correct this problem, you will need access to the original certificate backup (.pfx) file. To ensure this problem does not happen in the future (should you want to export the private key again) make sure during the import process that you select the box "mark the private key as exportable."
For additional information about importing server certificates, click the article number below to view the article in the Microsoft Knowledge Base:
232137 HOW TO: Import a Server Certificate in Internet Information Services 5.0
For additional information about exporting (backing up) server certificates, click the article number below to view the article in the Microsoft Knowledge Base:
232136 HOW TO: Back Up a Server Certificate in Internet Information Services 5.0