Backing Up Server Certificates

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

You can use the Certificate Manager MMC snap-in to back up server certificates.

Important

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".

Procedures

To back up a server certificate by using Certificate Manager

  1. If you do not have Certificate Manager installed in the MMC, install it.

  2. Locate the correct certificate store. This is typically the Local Computer store in Certificate Manager.

  3. In the Personal store, click the certificate that you want to back up.

  4. On the Action menu, point to All tasks, and then click Export.

  5. In the Certificate Manager Export Wizard, click Yes, export the private key.

  6. Follow the wizard default settings, and enter a password for the certificate backup file when prompted.

    Important

    Do not select Delete the private key if export is successful, because this will disable your current server certificate.

  7. Complete the wizard to export a backup copy of your server certificate.

To add Certificate Manager to the MMC

  1. To open an MMC console:

    • From the Start menu, click Run.

    • In the Open box, type the following: mmc.

    • Click OK.

  2. On the File menu, click Add/Remove Snap-in.

  3. In the Add/Remove Snap-in box, click Add.

  4. In the Available Standalone Snap-ins list, click Certificates, and then click Add.

  5. In the Certificates snap-in box, click Computer Account, and then click Next.

  6. In the Select Computer box, click Local Computer, and then click Finish.