Question

How can I get public and private keys out of IIS?

Notes

  • Self-signed certificates cannot be used for this process.  Certificates must be signed by a trusted CA.  Self-signed certificates can only be used with Agents, Site Server, or the Work Manager, if they are created with certman.
  • Certificates in IIS are typically stored in the "Personal" or "Web Hosting" certificate store for the "Computer account".

 

Answer

 

  1. Open the Microsoft Management Console (mmc).
  2. In the File menu select "Add/Remove Snap-in".
  3. Double-click "Certificates" in the list of available snap-ins, select to manage certificates for the "Computer account" of the "Local computer", and click "Finish".
  4. Click "OK" to populate the snap-in.
  5. Navigate to the correct Certificate Store (typically "Personal" or "Web Hosting") to find the desired certificate.
  6. Right-click the desired certificate and go to All Tasks > Export.
  7. Proceed through the Certificate Export Wizard, selecting "Yes, export the private key".
  8. Select to export a PFX, with "Include all certificates in the certification path if possible".
  9. Choose a password to encrypt the PFX and a path to export it to.  This PFX can be used as the "private key" in AccessData products.
  10. Back in the MMC, right-click the desired certificate again and go to All Tasks > Export.
  11. Proceed through the Certificate Export Wizard, selecting "No, do not export the private key".
  12. Select to export a "Cryptographic Message Syntax Standard" P7B, checking "Include all certificates in the certification path".
  13. Choose a path to export the certificate to.  This P7B can be used as the "public key" in AccessData products.
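
The same two exports can be scripted. The following PowerShell is an added example, not part of the original article or any vendor tooling. The thumbprint placeholder, the output folder, and the file names are assumptions to replace with your own values. It also checks the certificate against the notes above before exporting.

```powershell
# Run in an elevated PowerShell session on the IIS server.
# Assumptions (not from the article): thumbprint placeholder, output folder, file names.
$Thumbprint = '<THUMBPRINT-OF-YOUR-CERTIFICATE>'
$OutDir     = 'C:\CertExport'

# Search the two "Computer account" stores the article names (Personal = My).
$cert = Get-ChildItem -Path Cert:\LocalMachine\My, Cert:\LocalMachine\WebHosting -ErrorAction SilentlyContinue |
    Where-Object { $_.Thumbprint -eq $Thumbprint } |
    Select-Object -First 1
if (-not $cert) { throw "Certificate $Thumbprint not found in Personal or Web Hosting." }

# Pre-checks matching the article's notes. Subject = Issuer is a simple self-signed test.
if ($cert.Subject -eq $cert.Issuer) { throw 'Certificate is self-signed; a CA-signed certificate is required.' }
if (-not $cert.HasPrivateKey)       { throw 'No private key is associated with this certificate.' }

# Build the certification path once; warn if Windows does not trust it.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($cert)) {
    Write-Warning ('Chain did not validate: ' + (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '))
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Steps 6-9: PFX containing the private key and the certification path,
# encrypted with a password. Fails if the key was marked non-exportable.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath (Join-Path $OutDir 'private.pfx') `
    -Password $password -ChainOption BuildChain -ErrorAction Stop | Out-Null

# Steps 10-13: P7B containing only the public certificates in the path.
$coll = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
foreach ($element in $chain.ChainElements) { [void]$coll.Add($element.Certificate) }
$p7b = $coll.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs7)
[System.IO.File]::WriteAllBytes((Join-Path $OutDir 'public.p7b'), $p7b)

Get-ChildItem -Path $OutDir | Select-Object Name, Length
```

The PFX holds the private key, so keep the output folder readable by administrators only and remove the file once it has been imported.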

 

Overview

AD Enterprise, the AccessData Agent, and Site Server all require a public and private key pair to function.  If you use IIS to generate or otherwise house your certificates, you may need to extract your private/public key pair to use with Exterro products.


This article is verified as of version 7.6 SP3