Moving an SSL Certificate to a New Server (IIS 6.0)
Ever had to move an SSL certificate to a new server? Well, I have, and I can never remember the steps. I end up spending an hour or so just looking it up on the web so I can accomplish this 5 minute task. It's pathetic really. But once you get them installed, moving them is not something that you do every day.
So, I've decided to use my site to hold these directions for the next time I SPAZZ out. Maybe they will be of some use to someone else?
Step 1: Create a Microsoft Management Console (MMC) Snap-in for managing certificates.
You do this by clicking "Start" > "Run" and entering "MMC".
Then you will need to add the Certificates snap-in.
Click "File" > "Add Snap-in".
Then choose the "Certificates" snap-in.
Then select to manage the certificates for the Computer account.
Then select to manage the certificates on the Local computer.
Step 2: Export the certificate
- Open the Certificates (Local Computer) snap-in you added, and select Personal > Certificates.
- The Subject field of the certificate lists the Common Name (CN). (Click Tools > Internet Options > Content to view the Common Name if you are not sure).
- Right-click on the desired certificate and select All Tasks > Export. The Certificate Export Wizard opens.
- Select Yes, export the private key.
- Click Next.
- In the Export File Format window, ensure the option for Personal Information Exchange - PKCS#12 (.pfx) is selected.
- Select Include all certificates in the certificate path if possible and then click Next. (If you do not select the Include all certificates in the certificate path if possible option, your server may not recognize the issuer of the certificate, which may result in security warnings for your clients.)
- De-select Require Strong Encryption. (Leaving it selected may cause a password prompt every time an application attempts to access the private key, or it may cause IIS to fail.)
- Click Next.
- Enter and confirm a password to protect the PFX file and click Next.
- Choose a file name and location for the export file (do not include an extension in your file name; the wizard automatically adds the PFX extension for you).
- Click Next.
- Read the summary and verify that the information is correct. Pay special attention to where you saved the file.
- Click Finish.
Now that we have the certificate exported, we need to import it onto the new server.
Import the Certificate
- Create a Microsoft Management Console (MMC) snap-in for managing certificates, as described above. (Note: You must use the Computer Account when creating the snap-in.)
- Open the Microsoft Management Console (MMC).
- On the left pane, click Certificates.
- On the right pane, double-click Personal.
- On the right pane, right-click Certificates and select All Tasks > Import (this opens the Certificate Import Wizard). Click Next.
- Browse to the certificate that you want to import and click Next.
- Enter the password used to secure the certificate for export and then click OK.
- To export the certificate again from this computer, select Mark the key as exportable.
- Select the option Automatically select the certificate store based on the type of certificate. (This ensures all the certificates in the certification path (Root, Intermediate, and Server) are stored in the proper place. Problems may occur if a certificate is placed in the wrong store.) Click Next.
- Click Finish. A message confirms successful import. Click OK.
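A check for the export and import steps above, as an added example that is not part of the original post: it loads the exported .pfx, confirms that the private key and the issuer chain are inside, and then looks for the same thumbprint in the Local Computer Personal store. The file path is a placeholder, and the script assumes PowerShell 2.0 or later is installed on the server.

```powershell
# Added example, not from the original post. Assumes PowerShell 2.0 or later.
param([string]$PfxPath = 'C:\temp\site-export.pfx')   # hypothetical path

# Prompt for the PFX password so it is not typed on the command line.
$secure = Read-Host -Prompt 'PFX password' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$flags  = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
$certs  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    $certs.Import($PfxPath, $plain, $flags)   # throws on a wrong password
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}

# Export checks: exactly one certificate carries the private key, and the
# issuer certificates came along unless the certificate is self-signed.
$withKey = @($certs | Where-Object { $_.HasPrivateKey })
if ($withKey.Count -ne 1) {
    throw "Expected exactly one certificate with a private key, found $($withKey.Count)."
}
$leaf = $withKey[0]
if ($certs.Count -lt 2 -and $leaf.Subject -ne $leaf.Issuer) {
    Write-Warning 'Only the server certificate is in the PFX; the issuer chain was not exported.'
}
$certs | Select-Object Subject, Issuer, NotAfter, Thumbprint, HasPrivateKey | Format-List

# Import check: the same thumbprint must be in Local Computer > Personal,
# together with its private key, before it is assigned to a web site.
$installed = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $leaf.Thumbprint } |
    Select-Object -First 1
if (-not $installed) {
    Write-Warning "$($leaf.Thumbprint) is not in LocalMachine\My on this machine."
} elseif (-not $installed.HasPrivateKey) {
    Write-Warning 'Certificate is installed without its private key; IIS cannot serve SSL with it.'
} else {
    Write-Output "OK: $($installed.Subject) is installed with its private key."
}
```

Run it on the old server right after the export and again on the new server after the import; the thumbprint printed in both runs should be identical.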
Now you need to assign the Certificate.
- Open the Internet Information Services (IIS) Manager: Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager.
- In the Web Sites section, right-click your Web Site and select Properties.
- Click the Directory Security tab.
- In the Secure Communications section, click Server Certificate (this opens the Web Server Certificate Wizard) and then click Next.
- Select Assign an existing certificate and then click Next.
- Select the certificate to import (denoted by the Common Name) and then click Next.
- A summary page displays the details of the certificate that you are installing. Ensure that this information is correct and then click Next.
- Click Finish.


