Import (or move) a Certificate

General Information    ID: INFO218    Updated: 03/23/2017

Description

 
An SSL certificate is bound to both the server software (for example, Microsoft to Microsoft) and the certificate common name (for example, “www.company.com” or “acme.com”). If both remain identical, you can export (back up) the certificate and its private key from the original server and import (move) them into the target server.
 
IMPORTANT: Before you can import (move) your certificate, you must first export (back up) it. See the instructions on how to export your certificate.
 
Once your certificate is Exported, please select the correct software vendor and version below for import instructions:
 
 
Microsoft IIS Version 5.0 and 6.0
 
A. Import the Certificate
 
1.  Create a Microsoft Management Console (MMC) snap-in for managing certificates, as described in solution SO6127.
 
NOTE:  You must use the Computer Account when creating the snap-in.

2.  Open the Microsoft Management Console (MMC).

3.  On the left pane, click Certificates.

4.  On the right pane, double-click Personal.

5.  On the right pane, right-click Certificates and select All Tasks > Import (this opens the Certificate Import Wizard). Click Next.

6.  Browse to the certificate that you want to import and click Next.

7.  Enter the password used to secure the certificate for export and then click OK.

8.  To be able to export the certificate again from this computer, select Mark the key as exportable.

9.  Select the option Automatically select the certificate store based on the type of certificate. (This ensures all the certificates in the certification path (Root, Intermediate, and Server) are stored in the proper place. Problems may occur if a certificate is placed in the wrong store.) Click Next.

10.  Click Finish. A message confirms successful import. Click OK.
 
B. Assign the Certificate
 
1.  Open the Internet Information Services (IIS) Manager: Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager.

2.  In the Web Sites section, right-click your Web Site and select Properties.

3.  Click the Directory Security tab.

4.  In the Secure Communications section, click Server Certificate (this opens the Web Server Certificate Wizard) and then click Next.

5.  Select Assign an existing certificate and then click Next.

6.  Select the certificate to import (denoted by the Common Name) and then click Next.

7.  A summary page displays the details of the certificate that you are installing. Ensure that this information is correct and then click Next.

8.  Click Finish.
 
Apache

1.  Copy the three exported files (private key (.key), intermediate, and public key (.crt or .cer)) to the appropriate directory on the target host.

2.  Edit the virtual host section of the httpd.conf file so that the SSLCertificateFile directive points to the certificate file, the SSLCACertificateFile directive points to the intermediate file and the SSLCertificateKeyFile directive points to the .key private key file.

You can use the virtual host section of the httpd.conf file on the diskette, USB Storage Device or CD as a guide.
 
3.  Save your httpd.conf file and restart Apache. You can most likely do so by using the apachectl script:

apachectl stop

apachectl startssl

NOTES:

Depending on the version of Apache, the directive SSLCACertificateFile may be SSLCertificateChainFile.

Some instances of Apache contain both an httpd.conf and ssl.conf file. Please enter or amend the httpd.conf or the ssl.conf with the above directives. Do not enter the directives in both conf files as there will be a conflict and Apache may not start. 
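
An added example (not part of the original article or of any vendor tool): a Python check to run before restarting Apache. It reads the SSL directives named above from httpd.conf and ssl.conf and reports a directive set in both files, a directive pointing to a missing file and, as an extra check the article does not state, a private key file that group or other users can access. The function names and the sample file layout are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Directives named on this page; the chain file has two names depending on Apache version.
DIRECTIVES = ("SSLCertificateFile", "SSLCertificateKeyFile",
              "SSLCACertificateFile", "SSLCertificateChainFile")
LINE = re.compile(r"^[ \t]*(%s)[ \t]+(\S+)" % "|".join(DIRECTIVES), re.I | re.M)

def read_directives(conf_path):
    """Return {directive: file path} for the uncommented SSL directives in one conf file."""
    canon = {d.lower(): d for d in DIRECTIVES}  # Apache directive names are case-insensitive
    with open(conf_path) as fh:
        return {canon[m.group(1).lower()]: m.group(2).strip('"') for m in LINE.finditer(fh.read())}

def audit(conf_paths):
    """Return a list of findings for the given conf files, e.g. [httpd.conf, ssl.conf]."""
    findings, seen = [], {}
    for conf in conf_paths:
        for name, target in read_directives(conf).items():
            if name in seen:  # already set by an earlier conf file: the conflict from the NOTES
                findings.append("%s is set in both %s and %s" % (name, seen[name], os.path.basename(conf)))
            seen.setdefault(name, os.path.basename(conf))
            if not os.path.isfile(target):
                findings.append("%s points to missing file %s" % (name, target))
            elif name == "SSLCertificateKeyFile" and stat.S_IMODE(os.stat(target).st_mode) & 0o077:
                findings.append("private key %s is accessible to group or others" % target)  # added check
    for required in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        if required not in seen:
            findings.append("%s is not set" % required)
    return findings

def build_sample(key_mode, duplicate_in_ssl_conf):
    """Create a constructed (not real) layout in a temp dir; return the conf files to audit."""
    d = tempfile.mkdtemp()
    crt, key, chain = (os.path.join(d, n) for n in ("server.crt", "server.key", "intermediate.crt"))
    for path in (crt, key, chain):
        open(path, "w").close()
    os.chmod(key, key_mode)
    confs = {"httpd.conf": "<VirtualHost *:443>\nSSLCertificateFile %s\nSSLCertificateKeyFile %s\n"
                           "SSLCACertificateFile %s\n</VirtualHost>\n" % (crt, key, chain),
             "ssl.conf": "SSLCertificateFile %s\n" % crt if duplicate_in_ssl_conf else "# empty\n"}
    for name, text in confs.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(text)
    return [os.path.join(d, name) for name in confs]

if __name__ == "__main__":
    print("\n".join(audit(build_sample(0o644, True))))
```

On a real host, pass the actual paths of httpd.conf and ssl.conf to audit(); an empty list means none of the three problems was found.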

iPlanet Version 4.0 and 6.0
 
1.  Rename the files on the backup to conform to: 'https-admsrv-(servername).cert7.db' and 'https-admsrv-(servername).key3.db'
 
2.  Create a Trust Database for the server.

3.  In the Alias directory, replace the cert7.db and key3.db files of the admin server with the cert7.db and key3.db of the new site.

4.  Restart the Web Service. 
 
IBM Websphere Server
 
1.  Type ikeyman on a command line on UNIX or start the Key Management utility in the IBM Websphere Server folder.

2.  Select Key Database File from the main menu, and then select Open.

3.  In the Open dialog box, type your key database name or click the key.kdb file if you are using the default. Click OK.

4.  In the Password Prompt dialog box, type your correct password, and click OK.

5.  Select Personal Certificates in the Key Database content frame, and then click the Export/Import button on the label.

6.  In the Export/Import Key window, select Import Key.

7.  Select the key database file type.

8.  Type the file name or use the Browse option, and select the correct location and file name, and then click OK.

9.  In the Password Prompt dialog box, type the correct password, and then click OK.

10.  In the Select from Key Label list, select the correct label name and click OK.
 
Tomcat
 
1.  Copy the backed up Keystore file to your SSL Directory. This directory can sometimes be hidden. For example: /root/.keystore

2.  Edit the server.xml file to configure the SSL connector.

 
