IIS - Backup and restore pending request

With this manual a pending certificate request can be back-upped to a file, together with the private key. In addition this manual describes how the backup can be restored.

Open Local Machine certificate store

  1. Click StartRun, type mmc and click OK
  2. Go to menu File and choose Add/Remove Snap in
  3. Select Certificates and click on Add
  4. Select Computer Account. Note: This step is very important: it must be the computer account (and no other). Click on Next
  5. Choose Local Computer and click on Finish
  6. Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap-in window and go back to the MMC.

Making a backup of the Private Key and the Pending Request

  1. Expand the tree under Certificates (Local Computer) and find a folder named Request or Certificate Enrolment Requests. In this folder there is a sub-folder named Certificates. This contains the key which corresponds with the pending Certificate Request.
  2. Select the key of which a backup must be made.
  3. Right-click the key, click All Tasks, and then Export... to start the Certificate Export Wizard
  4. Click on Next
  5. Choose the option Yes, export the private key and then click Next
  6. Accept the default settings on the Export File Format page and click Next
  7. Enter a password to secure the private key and then click Next
  8. Enter the file name and -path for the backup, with the extension .pfx.
    Note: it is sensible to save the Private Key on another medium (for instance a USB stick), and preferably another physical location as well. That way the Private Key can be easily restored if there is a technical problem. Then click Next
  9. Click Finish
  10. A message appears indicating the export was successful. 

Restoring a backup of the Private Key and Pending Request

  1. Open the Certificates MMC Snap-in as described in the first part of this manual. Expand the tree under Certificates (Local Computer) and look for a folder named Request or Certificate Enrolment Requests. In this folder there is a sub-folder named Certificates.
  2. Right-click the Certificates folder, choose All Tasks and click Import.
  3. The Certificate Import Wizard is started. Click Next
  4. Click Browse... and choose the .pfx file with the previously created backup of the Private Key and the Pending Request, and click Next
  5. Enter the password for the .pfx file (which was set when creating the file), select Mark the Private key as exportable and click Next
  6. Select Place all certificates in the following store. Make sure the default certificate store is set to Certificate Enrollment Requests and click on Next
  7. At the end of the Certificate Import Wizard page, click Finish. A message will appear stating that the import is successful. 
  8. A message will appear stating that the import is successful. 

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues