SSL – Importing SSL into Windows Server 2008 – just CER, not PFX

iis-7 ssl windows-server-2008

We've recently suffered a server collapse while moving sites from one box to another. The old box was running IIS6 / Windows Server 2003, the new IIS7 / Windows Server 2008. Normally when moving sites with SSLs we exported the Certificate on the old box as a PFX and imported this onto the new box. Alas, with the sudden collapse of our old server, this is no longer an option.

What we DO have are the original CSR and the resulting CER files. Importing these into the certificates snap-in on the new 2008 box doesn't work – the certs are missing the key icon and they are not selectable in IIS7. Indeed, if we try to add them THROUGH IIS7 they appear until you move away from the Server Certificates section, at which point they disappear.

Is there any way, given the files we do have, of importing these to our new server? I found a method involving the use of certutil -repairstore my [serial number] – but this gave us access denied even when run from Administrator Command Prompt.

That I am here asking this on a Sunday night may give you an idea of the seriousness! All help and tips appreciated, thank you.

Best Answer

If all you have are the CSR and the signed certificate, you only have the public key. If you have no way of recovering the private key from the old server, you will need to start over with a new key + CSR.

When getting a new certificate signed, I would recommend making a backup of the private key immediately (same procedure as you describe) and storing that in a safe location to avoid this kind of situation where the only copy is on hardware that no longer works.
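
The recovery path described in the answer, as an added PowerShell example that is not part of the original question or answer: list the certificates that have no private key, create a new key + CSR on the new server, then accept the signed certificate and export a PFX backup. The function names, the host name www.example.com and the C:\certwork paths are hypothetical placeholders.

```powershell
# Added example. Function names, $Cn and all file paths are hypothetical placeholders.

function Show-KeylessCerts {
    # Certificates imported from a bare .cer have HasPrivateKey = False;
    # these are the ones with no key icon that IIS will not keep.
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { -not $_.HasPrivateKey } |
        Select-Object Subject, Thumbprint, NotAfter
}

function New-ServerCsr {
    param([string]$Cn, [string]$Dir)
    # INF for certreq: new 2048-bit machine key, marked exportable so it can be backed up.
    $inf = @"
[NewRequest]
Subject = "CN=$Cn"
KeyLength = 2048
KeySpec = 1
Exportable = TRUE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
"@
    Set-Content -Path "$Dir\request.inf" -Value $inf -Encoding ASCII
    # The private key is created and stays on this server; only the CSR goes to the CA.
    certreq -new "$Dir\request.inf" "$Dir\request.csr"
}

function Complete-AndBackup {
    param([string]$Cn, [string]$SignedCer, [string]$PfxPath)
    # Pair the CA's reply with the pending private key created by New-ServerCsr.
    certreq -accept $SignedCer
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*CN=$Cn*" -and $_.HasPrivateKey } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
    if (-not $cert) { throw "No certificate with a private key found for $Cn" }
    # No -p option is given, so certutil prompts for the PFX password
    # instead of taking it on the command line.
    certutil -exportPFX my $cert.Thumbprint $PfxPath
}

# Usage (placeholders), from an elevated prompt:
# Show-KeylessCerts
# New-ServerCsr -Cn 'www.example.com' -Dir 'C:\certwork'
# Complete-AndBackup -Cn 'www.example.com' -SignedCer 'C:\certwork\signed.cer' -PfxPath 'C:\certwork\backup.pfx'
```

Move the resulting PFX off the server once it is written, since it contains the private key.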