Back Up or Export an SSL Certificate with a Private Key

Many users believe that once they’ve installed an SSL certificate on a web server, they can’t back up or export the certificate and install it on another server. Well guess what? They’re wrong. You absolutely can export a certificate with its private key.

Whether you’re migrating your server, just want to take back up of your certificate or want to export an SSL certificate because it’s corrupted, you can export or back up your SSL/TLS certificate no matter what web server you’re using.

So, when you export an SSL certificate, its private key is copied to an encrypted file on the local server. In this post, we’ll learn easy-to-implement steps for various software vendors and versions, including Microsoft IIS, Apache, and Tomcat.

How to Back Up or Export an SSL Certificate in Microsoft IIS Version 5.0, 6.0, 7.0 or 8.0

Step 1: Create a Microsoft Management Console (MMC) Snap-in. To do this:

1. Go to Start > run > MMC.
2. Now navigate into the console tab. Select File and then click Add/Remove Snap-in.
3. Under the Available Snap-Ins column, select Certificates and click Add.
4. Choose Computer Account and click Next.
5. Now select Choose Local Computer and hit Finish.
6. Now close the Add Standalone Snap-in window and click OK on the Add/Remove Snap-in window.

Step 2: Export Your SSL/TLS Certificate.

1. Now, open the Certificates (Local Computer) snap-in and go to Personal > Certificates from the left-hand pane.
2. Right-click on the certificate you want to export and go to All Tasks > Export. Once you do this, the Certificate Export Wizard will open up.
3. Select the Yes, export the private key option and click Next.
4. Now the Export File Format window will open. Make sure that the option for Personal Information Exchange — PKCS#12 (.pfx) is selected.
5. Tick the box for Include all certificates in the certificate path if possible.
6. Now, de-select Require Strong Encryption.
7. Enter a password for protecting your PFX file and click Next.
8. Now choose a file name and the location to export the file and click Next.
9. Finally, verify all the information and click on Finish if it’s okay.

Export or Back Up an SSL Certificate in Apache

First, you must locate the private key and certificate files. Use the following directives in the main configuration file, find the location of the three key and certificate files:

• SSLCertificateFile … /path/to/mycertfile.crt 
• SSLCACertificateFile … /path/to/intermediate.crt
• SSLCertificateKeyFile … /path/to/mykeyfile.key

NOTE: The name of the directive could be SSLCACertificateFile or SSLCertificateChainFile, and the configuration file may be httpd.conf or ssl.conf file

Now, copy the .key file, both .crt files (one is the server certificate and the other is the intermediate CA certificate), and the httpd.conf file onto a portable backup drive.

• <filename>.key — private key
• <filename>.crt — server certificate
• <filename>.crt — intermediate CA certificate
• httpd.conf — Web server configuration file

Export or Back Up an SSL Certificate in Tomcat

The directions for how to export an SSL certificate with your private key in Tomcat is unbelievably simple.

1. First, go to the location where your keystore has been kept.

2.  Now, make a copy of the keystore file. This contains the private and public keys.

3.  Finally, you can install the keystore file on another Tomcat server.

That’s it! Now you know how to successfully export your certificate with your private key.