Exporting SSL Cert private keys in IIS 7.0
In IIS 6 on Server 2003, I can go to a web site's properties and walk through the wizard to generate a new cert request. Once I complete the request and have the cert installed on the web site, I can go into the cert store and export the certificate with the private key, setting a password and saving it as a PFX file.
When I go through a similar procedure in IIS 7 on 2008R2, I can generate the CSR and complete the request. However, the cert in the cert store cannot be exported with the private key and saved as a PFX file. Is there some option or step I am missing in the process so that the private key can be exported in IIS 7?
IIS still has the option to export the certificates directly; alternatively, you can export the certificate using the "Certificates" MMC snap-in (certmgr.msc
).
If this isn't available, you may have set the private key as non-exportable during the key creation process.
In case this is of any help, I had better luck with a variation to Shane's answer.
- Visit the Server Certificates tab in IIS.
- Right-click the certificate and choose View (instead of Export).
- This opens the certificate in a new window. Click the Details tab.
- Click Copy to File.... This opens a different export wizard that has a few more options to choose from.