Microsoft KB Archive/227888

= Importing a key backup file to use in Internet Information Services 5.0 =

Article ID: 227888

Article Last Modified on 11/21/2006

-

APPLIES TO


 * Microsoft Internet Information Services 5.0

-



This article was previously published under Q227888



SUMMARY
After you install Internet Information Services (IIS) 5.0, you may want to import a backup key file from an older version of IIS. This allows you to use the SSL capabilities on your new server (and replace the old one).

Note If you are upgrading the server to IIS 5.0, this should be done for you automatically. You will not need to export or import the private or public key pair from the older server. It is always recommended, however, that you keep a backup for emergency purposes. For more information about backing up your key pairs, click the following article number to view the article in the Microsoft Knowledge Base:

185195 How to use key and certificate backup/restore utility

Before you go through this process, be sure that the common name (CN) of the computers is the same. In other words, if your user will be typing in https://www.widgets.microsoft.com (as an example), the common name on the certificate needs to reflect this (in other words, it would be www.widgets.microsoft.com). Typically, this should be the same name that the DNS server resolves as you server.

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. All of the default security-related configuration settings in IIS 6.0 meet or exceed the security configuration settings made by the IIS Lockdown tool. Therefore, you do not need to run this tool on Web servers that are running IIS 6.0. However, if you are upgrading from a previous version of IIS, you should run the IIS Lockdown Tool before the upgrade to enhance the security of your Web server.



MORE INFORMATION
To import a key file from another server, follow these steps:
 * 1) Open the Internet Services Manager.
 * 2) Select the Web site that you want to enable SSL on.
 * 3) Open the properties of that Web site and click the Directory Security tab.
 * 4) Under the Secure Communications section, click Server Certificate to open the new Web Site Certificate Wizard.
 * 5) Click Next, and then choose the Import a certificate from a key manager backup file option.
 * 6) Click Next.
 * 7) Input the location of your backup *.key file.
 * 8) Click Next.
 * 9) Enter the password that you set when you made the backup and click Next.
 * 10) Double-check the summary data to be sure this is the proper key you want to import.
 * 11) Click Next.

You can now use SSL on the new Web server using the key pairs that you backed up from the old server. Be sure to secure the old key file so no one has access.

Additional query words: key manager ssl iis export

Keywords: kbinfo KB227888

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.