How to Move a Digital Certificate

While migrating to a new server is neither easy or fun, there are times when it must be done. If it is a Web server using digital certificates, then the certificates need to be regenerated or moved to the new server in order for SSL to continue its job of securing the site and the e-commerce transactions that it facilitates. Fortunately, there is a process for moving a digital certificate from an old server to a new server.

Export the Certificate from the Old Server

• 1

  Click "Start," enter "mmc" in the Search Box and press "Enter." This starts the Microsoft Management Console.

• 2

  Select "File," and click "Add/Remove Snap-in." Select "Certificates" and click "Add." Click the "Computer Account" and click "Finish." Click "OK" to close the dialog.

• 3

  Expand "Certificates (Local Computer)" in the left panel, expand the "Personal" object, and click "Certificates."

• 4

  In the center panel, click the certificate you want to export. Locate the item corresponding to your certificate in the "Actions" panel on the right, and click "More Actions," and "All Tasks."

• 5

  Click "Export" to start the Certificate Export Wizard, and click "Next" on the initial screen to proceed.

• 6

  Select "Yes, export the private key," and click "Next," then click "Next" to accept the export defaults.

• 7

  Enter a password for the exported certificate and record it in a safe place. Confirm the password by re-entering it in the "Confirm" box. Click "Next."

• 8

  Enter a file name for your exported certificate. To ensure that you can find the file, browse to a specified location, enter the file name, click "Save," then click "Next." Click "Finish" to export the certificate and close the Export Wizard.

Import the Certificate to the Target Server

• 1

  Copy the file you exported previously to your target server. You can choose any of a number of methods, including emailing it to yourself, copying it to a flash drive, or copying it to a CD.

• 2

  On the target server, click "Start," enter "mmc" in the Search Box and press "Enter."

• 3

  Select "File," and click "Add/Remove Snap-in." Select "Certificates" and click "Add." Click the "Computer Account" and click "Finish." Click "OK" to close the dialog.

• 4

  Expand "Certificates (Local Computer)" in the left panel and expand the "Personal" object.

• 5

  Right-click "Certificates," click "All Tasks," and click "Import" to start the Certificate Import Wizard.

• 6

  Click "Next" to proceed to the "File to import" dialog. Browse for the file name you copied from the old server and click "Open." Click "Next," enter the password you created during the export process, and click "Next."

• 7

  Click "Next" to accept the default certificate store location of "Personal." Click "Finish." You should see a message box indicating the import was successful. Click "OK."

Assign the Imported Digital Certificate to the Target Website

• 1

  Expand the machine level in the panel on the left, and expand the "Sites" item. Click on the target site for the certificate.

• 2

  In the "Actions" panel on the right, click "Bindings." Click "Add" in the "Site Bindings" dialog.

• 3

  Expand the "Type" drop-down and select "https." Expand the "IP Address" drop-down and select the IP address assigned to the target site.

• 4

  Expand the "SSL Certificate" drop-down and select the certificate that you imported above. Click "OK" to accept, and then "Close" to close the dialogs. Your imported digital certificate is now assigned with the target Website.

• 5

  Start a browser session and enter "https://<sitename>," where <sitename> is the name of your site. Press "Enter," and if you see a Security Alert dialog asking permission to proceed, you have successfully moved your digital certificate.