How to Export Private Key from Windows Server
Creating a .pfx file is the only way to export a private key from Microsoft Windows Server, which has generated its related CSR. This step by step guide will show you how to create such a file.
Creating an MMC Snap-in to Manage Certificates
- Right-click on the start button and select Run.
- Type in “mmc” in the newly opened window and press on OK.
- Click on File and select “Add/Remove Snap-in” from the menu.
- Once in the Add/Remove Snap-in page, select “Certificates” from the “Available Snap-ins” menu on the left and click on Add.
- Select “Computer account” and hit Next.
- Select “Local Computer” and click on Finish.
- Finally, click on OK and return to the main console.
Exporting a Certificate
To export a certificate, follow these instructions.
- Find the “Certificates” folder on the left menu.
- Go to: Certificates > Personal > Certificates.
- Right-click on the certificate you wish to export and go to All Tasks and hit Export.
- Hit Next on the Certificate Export Wizard to begin the process.
- Select “Yes, export the private key” and hit next.
Note: If the “Yes, export the private key” option is greyed out for you, that means you did not select the option to export private keys during the certificate creation process; hence you will not be able to create a .pfx file. If the “IIS Manager certificate request wizard” was used to generate a certificate, then the private key will be marked as exportable by default.
- In the next step, choose “Personal Information Exchanges - PKCS #12(.pfx)” and check “Include all certificates in the certification path if possible” and hit Next.
- Set a safe password and click on Next. Make sure to either choose a password you can remember or use a password manager since you will need it when importing the .pfx file on another server.
- Choose a name for your .pfx file and where you want to export it and hit Next.
- Click on Finish to complete the Certificate Export process.
If you have followed all the steps correctly, a success prompt will appear.
Import a Certificate to Another Server
You can use either MMC or IIS Manager to import a .pfx file.
Import .pfx File Using MMC
Similar to our explanation in the first part of this user guide, open up the MMC console through the Run window and follow these instructions:
- Find the Personal sub-folder under the Certificates folder, and right-click on it.
- Go to: All Tasks > Import.
- Hit Next on the Certificate Import Wizard to begin the process.
- Choose where you want to import the .pfx file and hit Next.
- Enter the password you set during the Export process, and if you intend to export this file from this server again, then make sure you have selected “Mark this key as exportable” and hit Next.
- Choose “Automatically select the certificate store based on the type of certificate” and hit Next.
- Click on Finish to complete the file import.
Import .pfx File Using IIS Manager
- Search “Administrative Tools” in the Start menu and click on Internet Information Services (IIS) Manager.
- Choose the server you want to create a certificate for, from the left menu marked “Connections.”
- Click on “Server Certificates” and then “Security.”
- Click on Import from the Actions menu on the right side.
- Select the .pfx file on here and enter the password for it and make sure to enable the “Allow this certificate to be exported” option and click on OK.
Regardless of whether you import this file through MMC or IIS Manager, the final result is that a certificate will be added to the Server Certificates section on IIS Manager.