Export (or Backup) a Certificate

General Information ID:    INFO214    Updated:    04/13/2016

Description

 
Creating a backup copy of the SSL certificate and the associated private key will allow for the installation of the certificate from one server to another in case the original certificate becomes corrupted.
 
When exporting (or backing up) a SSL certificate the private key is copied to an encrypted file on the local server. The private key was created on the server when the Certificate Signing Request (CSR) was generated. Select the appropriate software vendor and version below for backup instructions.
 
IMPORTANT!   Symantec highly recommends to save the file to a portable back up drive and store it in a safe place.
 
Once the SSL certificate has been exported, click here for instructions on how to import the certificate
 
Microsoft IIS Version 5.0,  6.0, 7.0 or 8.0
 
 
Step 2: Export the certificate
 
1.  Open the Certificates (Local Computer) snap-in and click Personal > Certificates from the left hand pane

2.  Right-click on the desired certificate and click All Tasks > Export. The Certificate Export Wizard opens
 
3.  Select the radio button, Yes, export the private key. Click Next

4.  In the Export File Format window, ensure the option for Personal Information Exchange  - PKCS#12 (.pfx) is selected

5.  Click the box for Include all certificates in the certificate path if possible. If this option is not checked the server may not recognize the issuer of the certificate which may result in security warnings for clients

6.  De-select Require Strong Encryption. (This may cause a password prompt every time an application attempts to access the private key or it may cause IIS to fail). Click Next

7.  Enter and confirm a password to protect the PFX file and click Next

8.  Choose a file name and location for the export file. Click Next

9.  Read the summary and verify that the information is correct. Pay special attention to where the file is saved. Ensure that the information is correct. Click Finish
 
Apache
 
1.  Locate the private key and certificate files. The following directives in the httpd.conf point to the location of the key and certificate files:
 
SSLCertificateFile ... /path/to/mycertfile.crt 

SSLCACertificateFile … /path/to/intermediate.crt

SSLCertificateKeyFile ... /path/to/mykeyfile.key
 
NOTE:  Depending on the version of Apache, the directive may be SSLCACertificateFile or SSLCertificateChainFile and the configuration file may be httpd.conf or ssl.conf file
 
2.  Copy the .key file, both .crt files (one is the server certificate and the other is the intermediate CA certificate), and the httpd.conf file onto a portable back up drive
 
<filename>.key – private key

<filename>.crt – server certificate

<filename>.crt – intermediate CA certificate

httpd.conf - Web server configuration file
 
iPlanet Version 4.0 and 6.0
 
1.  Locate the alias directory within the iPlanet directory

2.  Locate the files: https < server_name > cert7.db and https <server_name> key3.db

3.  Copy the files and import to another iPlanet version 4.0 or 6.0 server
 
IBM Websphere Server
 
1.  Type ikeyman on a command line on UNIX or start the Key Management utility in the IBM Websphere Server folder

2.  Click Key Database File from the main menu, and then click Open

3.  In the Open dialog box, type the key database name or click the key.kdb file if the default is being used. Click OK

4.  In the Password Prompt dialog box, type the password, and click OK

5.  Select Personal Certificates in the Key Database content frame, and then click the Export/Import button on the label

6.  In the Export/Import Key window, click Export Key

7.  Select the key database file type

8.  Type the file name or browse and select the location and file name, and then click OK

9.  In the Password Prompt dialog box, type the password, and then click OK

10.  In the Select from Key Label list, select the correct label name and click OK
 
Tomcat
 
1.  Navigate to the location where the keystore is kept
For example: /path/to/my/.keystore

2.  Make a copy of the keystore file. This contains the private and public keys
 
3. Copy and install the keystore file to another Tomcat server

Contact Support

Find Answers

Languages

This article is available in the following languages: