2

Is there a way to use appcmd, MMC or perhaps some other tool to export all IIS SSL certificates and then import them in on another server? I've used appcmd to export the bindings and the application pools, but that's it.

Specifically IIS 8 to IIS 10.

Thanks in advance.

remoteitguy
  • 23
  • 7
  • Yes, there is certainly a way to do this, you can use certutil.exe or PowerShell cmdlets to do this. First find all certificates used by your IIS, and then export them all using these tools. – Peter Hahndorf Aug 03 '18 at 11:48
  • 1
    BTW, not all certificates can be exported (some does not have private key exportable to true). – Lex Li Aug 03 '18 at 14:14
  • 1
    Ahh. But it seems that I'd still have to manually do them one at a time or script it. – remoteitguy Aug 04 '18 at 03:17

1 Answers1

2

Using MMC certmgr you can select all the certs you want and then right-click and Export. This exports all into a single pfx. You can then import using MMC onto a new machine.

However, IIS will not know about them and you will have to select each on in the bindings. This is where I have come unstuck....

mike nelson
  • 216
  • 2
  • 7
  • would be cool if you could just iterate over the bindings in powershell and and export the certificates in use (maybe along with a mapping file?) and then have another powershell script that deploys them on a mirror hot/cold-backup machine or something like that. – mbx Jun 07 '23 at 11:17