How to Export SSL certificate using MMC?

How to Export SSL certificate using MMC?

When an SSL certificate is already installed on a Windows server, you may want to reinstall it on ServiceDesk Plus server. This may be required when you have a Wildcard or a Multi-domain certificate, and the subdomains or different domains are hosted on different machines.
In this case, the certificate can be moved from one server to another in a PFX file. PFX is a common certificate format for Windows servers. The file in this format contains the certificate associated with its private key and, if applicable, intermediate certificates that sign the domain end-entity certificate. As a rule, it has a *.pfx or *.p12 extension. Basically, creating a PFX file is the only way to export a private key from a Microsoft Windows server on which the CSR code was generated.
Follow these steps to perform the certificate export:

Creating a .pfx file

Launch Microsoft Management Console. Press Win+R, type in mmc and press OK.

Click File and select the Add/Remove Snap-in option.

Click on Certificates in the list of Available snap-ins and then, on the Add button.

Select Computer account and click Next.

Choose Local Computer and click on the Finish button.

Click OK to add the certificate snap-in and get back to console.

Expand the Personal store in the left-side menu, and choose Certificates. Right-click on the certificate you want to export > All Tasks > Export.

This will run the Certificate Export Wizard.

Select ‘Yes, export the private key’.

If the radio button ‘Yes, export the private key’ is grayed out, it means that either the private key was not marked as exportable during the certificate request generation, or that you do not have the corresponding private key on the machine you are using.

Note: if you used IIS Manager certificate request wizard to generate the CSR code, the private key will be marked as exportable by default.

In this case, you will not be able to create a PFX file, only export the certificate without the private key. To have the opportunity to export the certificate to another machine, you will need to create a new CSR code marking the private key as exportable and perform a certificate reissue. Otherwise, you can generate a new CSR code for the same common name on the new machine and import the certificate to it after the reissue is completed.

With a COMODO certificate you can perform a reissue an unlimited amount of times for each server. 

If you can export the private key, proceed to the next stage. The window Export File Format will have the format Personal Information Exchange - PKCS #12 (.PFX) selected. Please check Include all certificates in the certification path if possible to have the certificate exported with the chain of intermediate CA certificates into a .pfx file. Then click Next.

Note: do not choose ‘Delete the private key if the export is successful’.

Type and confirm password on the next window and click Next. Make sure you remember the password; it will be used later during the import of a .pfx file to a new server.

Note: The encryption method used for the password has to be 'TripleDES'. Also, the password should not contain the symbol '&'

In the File to Export window select the name and location of the .pfx file to which the certificate and private key will be exported.

Click Finish to complete the export wizard. The certificate has been successfully imported.

Click here for instructions to Install the .PFX type certificate in ServiceDesk Plus.

                    New to ADSelfService Plus?

                      • Related Articles

                      • How to install SSL certificate in AssetExplorer

                        SSL Installation Do you have a Wildcard or a Multi-domain certificate already running in your other servers and want to reinstall in on AssetExplorer server ?, then click here to find how to export SSL certificate using MMC.  Do you already have a ...
                      • How to install SSL certificate of .PFX format for 9.4 builds

                        Installing .PFX Certificate   .PFX is an extension for security certificate. It defines a file format that stores private keys (generated by your server at the time the CSR was generated) and public key certificate (your SSL Certificate provided by ...
                      • How do I install SSL certificate for ServiceDeskPlus-MSP?

                        Introduction ServiceDesk Plus - MSP can run as a HTTPS service. But it requires a SSL (Secure Socket Layer) Certificate signed by a valid Certificate Authority (CA). By default, on a first-time start-up, it creates a self-signed certificate. This ...
                      • SSL Installation

                        Do you have a Wildcard or a Multi-domain certificate already running in your other servers and want to reinstall in on ServiceDesk Plus server ?, then click here to find how to export SSL certificate using MMC.  Do you already have a .PFX certificate ...
                      • How to install .pfx certificate manually in ServiceDesk Plus MSP version 10.5 and above

                        The below steps are applicable for version 10.5 and above. For .pfx certificate installation in version 9427 and below, follow the steps here. NOTE: Please take a server snapshot before following the steps given below A PKCS12 (.pfx) certificate ...