Exporting/Backing Up a .pfx File
Windows Servers use the PKCS#12 or PFX file as a way to back up and export SSL Certificates. This format is a binary format where the server certificate, any intermediate certificates, and the private key are stored in a single encrypted file. PFX files are usually found with the extensions .pfx and .p12.
- From the Start screen, type Run and click enter.
- In the Run window,type mmc and then, click enter.
- In the User Account Control window, click Yes to allow the MMC to make changes.
- In the Console window, click File > Add/Remove Snap-in.
- In the Add or Remove Snap-ins window, under Available snap-ins, click Certificates and then Add.
- In the Certificates snap-in window, click Computer account then click Next.
- In the Select Computer window, click Local computer: (computer this console is running on), then click Finish.
- In the Add or Remove Snap-ins window, click OK.
- In the Console window, in the Console Root section, expand Certificates (Local Computer), also expand the folder that contains the certificate that you want to export/back up, and then, click the associated Certificates folder. Be sure to check the Personal or the Web Hosting folders.
- In the center section of the window, right-click on the certificate that you want to export/back up, then click All Tasks > Export to open the Certificate Export Wizard.
- Click Next on the Welcome to the Certificate Export Wizard page..
- On the Export Private Key page, select yes, export the private key, and then, click next.
- On the Export File Format page, select Personal Information Exchange, also click Include all certificates in the certification path if possible, then, click next.
- On the Security page, check Password, enter and confirm your password.
- On the File to Export page, browse and select the file that you would like to export/back up.
- Make sure to note the filename and the location where you saved the .pfx file.
- On the Completing the Certificate Export Wizard page, verify that the settings are correct and then, click Finish.
- You should receive "The export was successful" message.
- The .pfx file is now saved to the location that you selected.
Importing your SSL Certificate (.pfx) File to a new Server.
- From the Start screen, type Run and click enter.
- In the Run window, type mmc and then click enter.
- In the User Account Control window, click Yes to allow the MMC to make changes.
- In the Console window, click File > Add/Remove Snap-in.
- In the Add or Remove Snap-ins window, under Available snap-ins, click Certificates, then click Add.
- In the Certificates snap-in window, select Computer account, click Next.
- In the Select Computer window, select Local Computer, click Next.
- In the Add or Remove Snap-ins window, click OK.
- In the Console window, in the Console Root section, expand Certificates.
- Right-click on the Personal folder then click All Tasks > Import to open the Certificate Import Wizard.
- On the Welcome to the Certificate Import Wizard page, click Next.
- Follow the instructions in the certificate import wizard to import your primary certificate from the .pfx file. On the Certificate Store page, select the option "Automatically select the Certificate store based on the type of Certificate"
- On the Completing the Certificate Import Wizard page, verify your settings and then, click Finish.
- You should receive a "The import was successful" message.
- After you import the SSL Certificate .pfx file, you need to enable the new certificate on the server.