Microsoft KB Archive/324904

= HOW TO: Import and Export an IIS 4.0 Certificate by Using Key Manager =

Article ID: 324904

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Internet Information Server 4.0

-



This article was previously published under Q324904



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



IN THIS TASK
SUMMARY
 * Export a Certificate
 * Import a Certificate



SUMMARY
This step-by-step article describes how to correctly export and import a server certificate to a key storage (.key) file by using Key Manager in Internet Information Server (IIS) 4.0.

Export a Certificate
To export the server certificate to a key storage file, follow these steps:
 * 1) Click Start, point to Programs, and then point to Windows NT 4.0 Option Pack.
 * 2) Point to Microsoft Internet Information Server, and then click Internet Service Manager.
 * 3) Expand Internet Information Server, and then expand.
 * 4) Right-click the Web site that contains the server certificate, and then click Properties.
 * 5) Click the Directory Security tab, and then click Edit under Secure Communications.
 * 6) Under Secure Communications, click Key Manager.
 * 7) In the Key Manager window, expand WWW, and then select the key that you want to export or back up.
 * 8) On the Key Manager menu, click Key, click Export Key, and then click Backup File.
 * 9) Read the warning, and then click OK.
 * 10) Select a secure location to save the key, and then click Save.

back to the top

Import a Certificate
To import a server certificate from a key storage file, follow these steps:
 * 1) Click Start, point to Programs, and then point to Windows NT 4.0 Option Pack.
 * 2) Point to Microsoft Internet Information Server, and then click Internet Service Manager.
 * 3) Expand Internet Information Server, and then expand.
 * 4) Right-click the site that contains the server certificate, and then click Properties.
 * 5) In the site properties, click the Directory Security tab, and then click Key Manager in the Secure Communications section.
 * 6) In the Key Manager window, select the service to which you want to import the backup key file.
 * 7) On the Key Manager menu, click Key, point to Import Key, and then click Backup File.
 * 8) In the Open dialog box, select the location of the key storage file in the Look In drop-down list, click the .key file that you want to import, and then click Open.
 * 9) In the Confirm Password box, type the password that was used during the creation of the server certificate request, and then click OK.NOTE: If the password is unavailable or you cannot remember it, you cannot import the key storage file.


 * 1) In the Server Bindings window, make sure that the IP address that is specified for the certificate matches the IP address of the Web site on which it will be used. The port number text box can be left as Any Unassigned Port, which is the default setting if you plan to use the default Secure Sockets Layer (SSL) port of 443. If you want to change the SSL port, specify the port number that you want to use in the Any Unassigned Port text box, and then type the same port number in the Web site properties SSL Port text box. For example, if the certificate will be used on the default Web site and the IP address is configured as All Unassigned, the IP address under the properties of the certificate in Key Manager must also be configured for All Unassigned.


 * 1) On the Key Manager menu, click Computers, click Commit Changes Now, and then click Yes in the Commit all changes now? warning box.
 * 2) On the Key Manager menu, click Computer, and then click Exit to close Key Manager.
 * 3) In the Secure Communications dialog box, click OK.
 * 4) In the Web site property sheet, make sure that the SSL Port text box has a value of 443 specified.

NOTE: You can also follow these steps to open Key Manager:
 * 1) Click Start, and then click Run.
 * 2) Type keyring, and then press ENTER.

back to the top

Keywords: kbhowto kbhowtomaster KB324904

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.