Step-by-Step instructions on transferring SSL certificate between servers

Sometimes it’s necessary to move SSL certificates between Windows Servers. This can be for a number of reasons, everything from a load balancer environment, to a Wildcard or Multi-Domain certificate, even switching hosting providers. In this guide we will cover the basic process behind exporting an SSL Certificate from one server to another.

Assuming you have already installed the SSL Certificate on one machine, this process will break down into three separate steps.

  • Exporting the SSL Certificate
  • Importing the SSL Certificate
  • Configuring your Server

Please note: This set of directions instructs on how to export from the MMC console. You will receive a .pfx file and your private key. It’s crucial that you hold on to these in order to install them on your new server.

Exporting the SSL Certificate

  1. Click Start, select Run and type MMC into the field. Select OK.
  2. Click File, select Add/Remove Snap-In.
  3. Select Certificates, click Add button.
  4. Click on the Computer account, hit Next.
  5. Leave Local Computer selected and click Finish > OK.
  6. Now from MMC Console Bar, Click the plus (+) sign next to Certificates.
  7. Select the plus (+) sign next to the Personal folder, click Certificates, right-click on your SSL Certificate. Select All Tasks, then click Export.
  8. The Certificate Export Wizard should appear, click Next.
  9. Select Yes, export the private key and press Next.
  10. Select Include all certificates in the certification path if possible, click Next. Make sure to export the Private key.
  11. Select a password. This will be needed during the import process.
  12. Find a place to save the .pfx file.
  13. Click Finish.

Importing the SSL Certificate

  1. Click Start, select Run and then type MMC into the field. Click OK.MMC
  2. Click File, select Add/Remove Snap-In.add or remove snap-ins
  3. Click the Add button and select Certificates.
  4. Click Computer Account, then select Next.
  5. Select Local Computer and click Next.
  6. Go back to the Console and expand Certificates (Local Computer) >> Personal >> Certificates.
  7. Right-click the Personal Folder and select All Tasks, then hit OK.
  8. This should open the Certificate Import Wizard, click Next.certificate import wizard
  9. Select Browse, choose Personal Information Exchange and find your SSL Certificate’s .pfx file. (Note: change the file type from “X.509…” to “Personal Information Exchange (*.pfx, *.p12)” if the file doesn’t appear)
  10. Enter the password that was set during the export.
  11. Select “Mark this key as exportable” and click Next.
  12. Select “Automatically select the certificate store based on the type of certificate.” Click Next.
  13. Click Finish, then refresh.

Assigning the SSL Certificate

  1. In IIS, right-click the website that needs the certificate assigned, click Properties.
  2. Click the Directory Security tab.
  3. Click the Server Certificate button, this will launch the Server Certificate Wizard.server certificate wizard
  4. Select “Assign an Existing Certificate.
  5. Select Next.
  6. Select the correct SSL Certificate.
  7. Click Next.
  8. Click Finish.

Done. Congratulations!

Related Posts


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.