1. On the Windows server 2016 where the SSL certificate is installed, open the Console.
In the Windows start menu, type "mmc" and open it.
In the Windows start menu, type "mmc" and open it.
Image
2. In the Console window, in the top menu, click "File" > "Add/Remove Snap-in".
Image
3. In the Add or Remove Snap-ins window, in the Available snap-ins pane (left side), select "Certificates" and then click "Add >".
Image
4. In the Certificate snap-in window, select "Computer account" and then click "Next".
Image
5. In the Select Computer window, select "Local computer: (the computer this console is running on)", and then click "Finish".
Image
6. In the Add or Remove Snap-ins window, click "OK".
Image
7. In the Console window, in the Console Root pane (left side), expand Certificates (Local Computer), expand the folder that contains the certificate that you want to export/back up, and then, click the associated Certificates folder.
Note: Your certificate should be in either the Personal or the Web Hosting folder.
Note: Your certificate should be in either the Personal or the Web Hosting folder.
Image
8. In the center pane, right-click on the certificate that you want to export/back up and then click "All Tasks >" "Export".
9. In the Certificate Export Wizard, on the Welcome to the Certificate Export Wizard page, click "Next".
10. On the Export Private Key page, select Yes, export the private key, and then, click "Next".
9. In the Certificate Export Wizard, on the Welcome to the Certificate Export Wizard page, click "Next".
10. On the Export Private Key page, select Yes, export the private key, and then, click "Next".
Image
11. On the Export File Format page, select Personal Information Exchange – PKCS #12 (.PFX) and then check Include all certificates in the certification path if possible.
Warning: Do not select Delete the private key if the export is successful.
Warning: Do not select Delete the private key if the export is successful.
Image
12. On the Security page, do the following:
Password/Confirm Password:
- Check this box
- Then, create and confirm the password. Note: This password will be required when you import the certificate w/private key to your (different) Windows server 2016
Group or user name (recommended):
- Check this box
- In the field below, select the Active Directory user or group account to which you want to assign access to the certificate w/private key.
- Then, click "Add". Note: The server from which you export the certificate w/private key must be part of an AD domain. The server to which you import the certificate w/private key must be tied to an AD domain with a domain controller (DC).
Image
13. On the File to Export page, click "Browse". In the Save As window, locate and select the certificate file that you want to export and then click "Save". Finally, on the File to Export page, click "Next".
Make sure to note the filename and the location where you saved your file. If you only enter the filename without selecting a location, your file is saved to the following location: C:\Windows\System32.
Make sure to note the filename and the location where you saved your file. If you only enter the filename without selecting a location, your file is saved to the following location: C:\Windows\System32.
Image
14. On the Completing the Certificate Export Wizard page, verify that the settings are correct and then, click "Finish".
Image
15. You should receive "The export was successful" message.
The SSL certificate w/private key .pfx file is now saved to the location that you selected.
The SSL certificate w/private key .pfx file is now saved to the location that you selected.