There are multiple reasons why you may need to move or copy an SSL certificate from one web server to another. If you have purchased a wildcard certificate for your network, you are probably going to use that same certificate on a lot of different servers, as it can be used to validate multiple websites and DNS names. Even if you are using singularly named certificates, you may be turning on multiple web servers to host the same site, to be set up in some sort of load-balanced fashion. In this case, you will also need the same SSL certificate on each of the web servers, as they could all potentially be accepting traffic from clients.
When moving or copying a certificate from one server to another, there is definitely a right way and a wrong way to go about it. Let's spend a little bit of time copying a certificate from one server to another so that you can become familiar with this task.
We have two Server 2016 boxes online in our environment. These are both destined to be web servers hosting the same website. IIS has been installed on both. The SSL certificate that we require has been installed on the primary server. We now need to export the certificate from there and import it successfully onto our second server.
Follow these steps to copy a certificate from one server to another:
PFX file and place it onto your Desktop (or wherever you told it to save). Now copy this PFX file over to your secondary web server.
PFX file.
We used the IIS management console to export and import an SSL certificate, which is a straightforward task once you understand the process. The critical part is making sure that your export includes the private key information. If it does not, the certificate will not be able to validate traffic properly. Using IIS to accomplish this task is the best way to move certificates. You could also make use of the MMC snap-in for certificates, but it is a little more complicated. If you use that console, you will be asked whether or not you want to export the private key. The default option is set to "No, do not export the private key". It is a common mistake to leave that setting in place and wonder later why the certificate doesn't work properly on other servers where you have installed it. You must make sure to select the option "Yes, export the private key".
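The same export and import can be scripted with the Export-PfxCertificate and Import-PfxCertificate cmdlets, checking for the private key on both sides. This is an added example, not part of the original recipe; the thumbprint placeholder, the PFX file name and the two function names are assumptions.

```powershell
# Added example. Placeholder values below are assumptions, not from the recipe.
$Thumbprint = '<CERT-THUMBPRINT>'                       # placeholder: thumbprint of the site certificate
$PfxPath    = "$env:USERPROFILE\Desktop\site-cert.pfx"  # hypothetical file name

function Export-SiteCertificate {
    param([string]$Thumbprint, [string]$Path, [securestring]$Password)

    # Look the certificate up in the local machine's Personal store, where IIS reads it.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

    # Refuse to continue if there is no private key to export.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key in this store."
    }

    # Writes a password-protected PFX; this fails if the key was marked non-exportable.
    Export-PfxCertificate -Cert $cert -FilePath $Path -Password $Password -ErrorAction Stop
}

function Import-SiteCertificate {
    param([string]$Path, [securestring]$Password)

    # Without -Exportable, the key cannot be exported again from this server.
    $imported = Import-PfxCertificate -FilePath $Path -Password $Password `
        -CertStoreLocation Cert:\LocalMachine\My -ErrorAction Stop

    # Confirm the key arrived with the certificate before binding it in IIS.
    if (-not $imported.HasPrivateKey) {
        throw "Imported certificate $($imported.Thumbprint) has no private key."
    }
    $imported
}

# On the primary web server:
#   $pw = Read-Host -AsSecureString -Prompt 'PFX password'
#   Export-SiteCertificate -Thumbprint $Thumbprint -Path $PfxPath -Password $pw
#
# On the secondary web server, after copying the PFX file over:
#   $pw = Read-Host -AsSecureString -Prompt 'PFX password'
#   Import-SiteCertificate -Path $PfxPath -Password $pw
#   Remove-Item -Path $PfxPath    # the PFX contains the private key; delete the copy
```

Because the PFX file carries the private key, remove it from both servers and from any transfer location once the import has been verified.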