Question
How can I get public and private keys out of IIS?
Notes
- Self-signed certificates cannot be used for this process. Certificates must be signed by a trusted CA. Self-signed certificates can only be used with Agents, Site Server, or the Work Manager, if they are created with certman.
- Certificates in IIS are typically stored in the "Personal" or "Web Hosting" certificate store for the "Computer account".
Answer
- Open the Microsoft Management Console (mmc).
- In the File menu select "Add/Remove Snap-in".
- Double-click "Certificates" in the list of available snap-ins, select to manage certificates for the "Computer account" of the "Local computer", and click "Finish".
- Click "OK" to populate the snap-in.
- Navigate to the correct Certificate Store (typically "Personal" or "Web Hosting") to find the desired certificate.
- Right-click the desired certificate and go to All Tasks > Export.
- Proceed through the Certificate Export Wizard, selecting "Yes, export the private key".
- Select to export a PFX, with "Include all certificates in the certification path if possible".
- Choose a password to encrypt the PFX and a path to export it to. This PFX can be used as the "private key" in AccessData products.
- Back in the MMC, right-click the desired certificate again and go to All Tasks > Export.
- Proceed through the Certificate Export Wizard, selecting "No, do not export the private key".
- Select to export a "Cryptographic Message Syntax Standard" P7B, checking "Include all certificates in the certification path".
- Choose a path to export the certificate to. This P7B can be used as the "public key" in AccessData products.
Overview
AD Enterprise, the AccessData Agent, and Site Server all require a public and private key pair to function. If you use IIS to generate or otherwise house your certificates, you may need to extract your private/public key pair to use with Exterro products.
This article is verified as of version 7.6 SP3.