Create a public private key pair for certificate in IIS
Solution 1:
On modern versions of IIS, start the IIS Manager console, click your server in the left pane, then double click "Server Certificates" in the right pane. Now you'll notice in the far right pane, you have an option to "Create Certificate Request" and "Complete Certificate Request".
So once you have created the CSR, take it to the Certificate Authority and they will either grant it or deny it.
The key here (no pun intended) is that the private key is generated when you create the CSR, and therefore the only host that has the private key that corresponds to that CSR right now is the web server on which you created the CSR. So you can only complete the certificate request on the same server. Assuming the Certificate Authority grants your request, the signed response that you get back from the CA will be bound with your private key at the time that you complete the certificate request.
Once you've completed the certificate request, open an MMC console and add the Certificates snapin and locate the certificate that you just received. You can see that you have a corresponding private key for this certificate because it has a little key on its icon. Right click and export it, and make sure that you export the private key with it. The wizard should ask you to password protect the file.
You can now take this exported certificate, with its private key, to any other server you like. Be very careful with this file, as it contains both the public and private key for this certificate so you obviously want to keep it safe.
Solution 2:
If your SSL certificate does not have a private key associated with it there is a command line repair utility that will reassociate the private key with the imported certificate:
Find the certificate in the respective store and double click on it. Go to the details tab and copy down the serial number. Open an administrative command prompt and run the following command:
certutil -repairstore my "SerialNumber"
Insert the serial number exactly as listed. Once the utility runs refresh the MMC snap-in and you should now see the key symbol in the upper left corner indicating the private key is associated with the new certificate.