Exporting Your SSL Certificate from a Microsoft Server for Importing to Another Microsoft Server


Windows servers use .pfx files that contain the public key file (SSL Certificate file) and the associated private key file. DigiCert provides your SSL Certificate file (public key file). You use your server to generate the associated private key file as part of the CSR.

You need both the public and private keys for an SSL Certificate to function. So, if you need to transfer your SSL Certificates from one server to another, you need to export is as a .pfx file.

How to Export Your SSL Certificate w/Private Key Using the DigiCert Certificate Utility

These instructions explain how to export an installed SSL Certificate from a Microsoft server and its corresponding private key as a .pfx file for importing to another server. If you need your SSL Certificate in Apache .key format, please see Export a Windows SSL Certificate to an Apache Server (PEM Format).

  1. On your Windows Server, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).

  2. Run the DigiCert® Certificate Utility for Windows.

    Double-click DigiCertUtil.

  3. In the DigiCert Certificate Utility for Windows©, click SSL (gold lock), select the certificate that you want to export as a .pfx file, and then click Export Certificate.

    Select Certificate then click Export Button

  4. In the Certificate Export wizard, select Yes, export the private key, select pfx file, and then check Include all certificates in the certification path if possible, and finally, click Next.

    Note:    A .pfx file uses the same format as a .p12 or PKCS12 file.

    Select Certificate then click Export Button

  5. In the Password and Confirm Password boxes, enter and confirm your password, and then, click Next.

    Note:    This password is used when you import this SSL Certificate onto other Windows type servers or other servers or devices that accept a .pfx file.

    Select Certificate then click Export Button

  6. In the File name box, click to browse for and select the location and file name where you want to save the .pfx file, provide a file name (i.e. mySSLCertificate), click Save, and then, click Finish.

    Select Certificate then click Export Button

  7. After you receive the "Your certificate and key have been successfully exported" message, click OK.

    Select Certificate then click Export Button

Import PFX Certificate into Microsoft Windows Server and Configure it

To import your certificate to your server using the DigiCert Certificate Utility, you need to follow the instructions for that particular server type:

IIS 10 Exchange 2013
IIS 8 Exchange 2010
IIS 7 Exchange 2007


After importing your certificate on to the new server, if you run into certificate errors, try repairing your certificate trust errors using DigiCert® Certificate Utility for Windows. If this does not fix the errors, contact support.

Test Your Installation

To verify that the installation is correct, use our DigiCert® SSL Installation Diagnostics Tool and enter the DNS name of the site (i.e. www.yourdomain.com, or mail.yourdomain.com) that you are securing to test your SSL Certificate.