Windows – how to move an SSL certificate from one Windows server to another

iis-7 ssl windows

I have an SSL certificate installed on a Windows Server 2003 box that is due to expire next week.

I was going to take the renewal opportunity to move the website to a different server; however, someone else has gone ahead and part-installed a renewed certificate on the same server.

Is it possible for me to move the certificate from the 2003 box to a 2008 box?

I understand this should be as simple as exporting the old certificate and importing the new one but I can't get it to work.

  • Through the MMC console on the 2003 box I exported the newly installed certificate as a p7b, including all certificates where possible.

  • Copied the file to the 2008 box

  • Imported the cert into the personal certificates store through MMC

It said import successful and I can see the cert in the list, however it doesn't show up in IIS 🙁

What am I doing wrong?

Thanks

Best Answer

Most likely you have only copied over the certificate chain, but not the private key for the SSL certificate. It should mention if it has a private key in the certificate information. When a certificate with a private key is first imported into Windows, there is an option to allow the private key to be marked exportable; if it is not (which is the default), then Windows will not allow you to export the private key and move it elsewhere. There might be some tools for getting around this, but it's certainly not Microsoft-approved. Look at the certificate information on the original computer and it should report that a private key is available, but I bet it's not exportable.
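
One way to run the check this answer describes, as an added example that is not part of the original answer: the script lists each certificate in the local computer's Personal store with whether a private key is present and exportable, then writes a chosen certificate to a PFX (PKCS #12) file, which carries the private key that a P7B cannot. It assumes PowerShell 2.0 or later in an elevated session; the thumbprint and output path are placeholders.

```powershell
# Added example. Assumes PowerShell 2.0+ run as Administrator.
# Step 1: report private-key presence and exportability for every
# certificate in LocalMachine\My (the store IIS reads its bindings from).
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine")
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
try {
    $report = foreach ($cert in $store.Certificates) {
        $exportable = "n/a (no private key)"
        if ($cert.HasPrivateKey) {
            try {
                # Works for CAPI/CSP-backed keys; other providers may throw.
                $exportable = $cert.PrivateKey.CspKeyContainerInfo.Exportable
            } catch {
                $exportable = "unknown (key not readable through CSP)"
            }
        }
        $cert | Select-Object Subject, NotAfter, Thumbprint, HasPrivateKey,
            @{ Name = "Exportable"; Expression = { $exportable } }
    }
    $report | Format-List

    # Step 2 (optional): export one certificate with its key as a PFX.
    # Both values below are placeholders; set them before running.
    $thumbprint = "<THUMBPRINT-FROM-STEP-1>"
    $pfxPath    = "C:\temp\site-cert.pfx"

    $target = $store.Certificates | Where-Object { $_.Thumbprint -eq $thumbprint }
    if ($target -and $target.HasPrivateKey) {
        # The password encrypts the key inside the PFX file.
        $password = Read-Host -AsSecureString "PFX password"
        $pfxType  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
        # Export throws if the key was not marked exportable at import time.
        $bytes = $target.Export($pfxType, $password)
        [System.IO.File]::WriteAllBytes($pfxPath, $bytes)
        Write-Output "Exported to $pfxPath. Delete the file once it is imported on the new server."
    } elseif ($thumbprint -notlike "<*") {
        Write-Warning "No certificate with a private key matches $thumbprint."
    }
} finally {
    $store.Close()
}
```

Running step 1 on the destination server after a P7B import shows `HasPrivateKey : False` for the certificate, which matches it being listed in MMC but not offered in IIS.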