Recipe 12.11. Backing Up SSL Certificates

Problem

You want to back up your server certificate and its associated private key.

Solution

Using a graphical user interface

  1. From the Start menu, select Run, type mmc and click OK to open a new MMC console.

  2. Select File → Add, click Certificates, and click Add.

  3. Select Computer Account and click Next.

  4. Select Local computer (the computer this console is running on) and click Finish.

  5. Click Close and then OK.

  6. In the left pane, expand Certificates (Local Computer) → Personal

    Right-click on the previously installed certificate and select All Tasks Next.

  7. Select Yes, export the private key, and click Next.

  8. Select DER encoded binary X.509 (CER), but do not select Delete the private key if export is successful, and click Next.

  9. Specify a name and path for the export file such as C:\Certback\back.cer, click Next, and then Finish.

Note that you can also choose to export the certificate to a shared folder on a remote server, which may be a better option if you want to centralize certificate backups for multiple web servers.

Using a command-line interface

Using the IISCertDeploy.vbs command script included in the IIS 6 Resource Kit Tools, the following command backs up a server certificate previously installed on a web site that has ID number 1005026399:

> iiscertdeploy -e C:\Certback\back.pfx -p <password> -i w3svc/1005026399

Note that the certificate is backed up as a password-protected *.pfx file. Do not lose your password or you won't be able to restore your backed-up certificate if necessary.
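A backup is only useful if it can be opened with the recorded password and really contains the private key. The following script is an added example, not part of the original recipe or of the Resource Kit; it opens the .pfx file and compares it with the certificates installed in the local computer's Personal store. It assumes PowerShell 2.0 or later is installed, uses the backup path from the command above as its default, and the function name Test-CertificateBackup is hypothetical.

```powershell
# Added example: confirm that a .pfx backup opens and holds the private key.
# Default path is the one used in this recipe; pass -PfxPath to change it.
param(
    [string]$PfxPath = 'C:\Certback\back.pfx'
)

function Test-CertificateBackup {
    param(
        [string]$Path,
        [System.Security.SecureString]$Password
    )

    if (-not (Test-Path $Path)) {
        throw "Backup file not found: $Path"
    }

    # The constructor throws if the password is wrong or the file is damaged.
    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path, $Password

    try {
        # Look for the same certificate in Certificates (Local Computer), Personal.
        $installed = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $pfx.Thumbprint }

        New-Object PSObject -Property @{
            Subject          = $pfx.Subject
            Thumbprint       = $pfx.Thumbprint
            NotAfter         = $pfx.NotAfter
            HasPrivateKey    = $pfx.HasPrivateKey
            MatchesInstalled = [bool]$installed
        }
    }
    finally {
        $pfx.Reset()   # release the certificate handle opened from the file
    }
}

# Prompt for the password so it never appears on the command line or in history.
$password = Read-Host -AsSecureString "Password for $PfxPath"
$result = Test-CertificateBackup -Path $PfxPath -Password $password
$result | Format-List

if (-not $result.HasPrivateKey) {
    Write-Warning 'Backup contains no private key; it cannot restore SSL on another server.'
}
if (-not $result.MatchesInstalled) {
    Write-Warning 'No certificate with this thumbprint is in Cert:\LocalMachine\My on this computer.'
}
```

Run it from an elevated prompt on the web server right after creating the backup, while the original certificate is still installed for comparison.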

Using VBScript

For a good example script on how to export or back up a certificate, see iiscertdeploy.vbs in the IIS 6 Resource Kit.

Discussion

Backing up your server certificate is important in case you need to replace your SSL-enabled web server with a different computer. Be sure you back up certificates and any private keys to a secure location.

To restore a backed-up server certificate to a different IIS computer, follow the previous procedure, but at step 7, select All Tasks

Do not select the option Delete the private key if export is successful when you run the Certificate Export Wizard; otherwise, SSL will no longer work on your site and will have to be reconfigured.


See Also

Recipe 12.9



Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen