Backup a Private Key

1. Go into Key Manager within IIS 4.0
2. Export a copy of the private key by selecting Key > Export Key> Backup File.
   The default format is a .key file
3. Store the exported key in a secure location like a disk. It is important to make a copy of the private key that does not reside on the actual server to safeguard against possible loss of the key in the event that the server crashes.

1. Open the MMC (Microsoft Management Console) From your server, go to Start > Run and enter mmc in the text box. Click on the 'OK' button.
   
2. Add the certificate snapin
   
   • a. From your server, go to Start > Run and enter mmc in the text box. Click on the 'OK' button.
   • b. Click on the 'Add' button. Select 'Certificates' from the list of snap-ins and then click on the 'Add' button.
   • c. Select the Computer account option. Click on the 'Next' button.
   • d. Select the Local computer (the computer this console is running on) option. Click on the 'Finish' button.
   • e. Click on the 'Close' button on the snap-in list window. Click on the 'OK' button on the Add/Remove Snap-in window.
     
3. Backup the private key
   • a. Click on Certificates from the left pane.
   • b. Look for a folder called 'REQUEST' or 'Certificate Enrollment Requests' > Certificates
   • c. Select the private key that you wish to backup. Right click on the file and choose > All Tasks > Export…
   • d. The certificate export wizard will start, please click 'Next' to continue. In the next window select 'Yes, export the private key' and click 'Next'.
   • e. Leave the default settings selected and click 'Next'.
   • f. Set a password on the private key backup file and click 'Next'.
   • g. Click on 'Browse' and select a location where you want to save the private key Backup the file to this location and then click 'Next' to continue. By default the file will be saved with a .pfx extension.
   • h. Click 'Finish' to complete the export process
     
4. Backup the private key

1. Open the Certificates (Local Computer) snap-in you added, and select Personal > Certificates.
2. The Subject field of the certificate lists the Common Name (CN).
3. Right-click on the desired certificate and select All Tasks > Export . The Certificate Export Wizard opens.
4. Select Yes, export the private key.
5. Click Next
6. In the Export File Format window, ensure the option for Personal Information Exchange - PKCS#12 (.pfx) is selected.
7. Select Include all certificates in the certificate path if possible and then click Next.
8. De-select Require Strong Encryption. (This may cause a password prompt every time an application attempts to access the private key or it may cause IIS to fail).
9. Click Next.
10. Enter and confirm a password to protect the PFX file and click Next.
11. Choose a file name and location for the export file.
12. Click Next.
13. Read the summary and verify that the information is correct. Pay special attention to where you saved the file. Ensure that the information is correct.
14. Click Finish.

1. Locate the private key and certificate files. The following directives in the httpd.conf point to the location of the key and certificate files:
      SSLCertificateFile .../path/to/mycertfile.crt
      SSLCACertificateFile …/path/to/intermediate.crt
      SSLCertificateKeyFile .../path/to/mykeyfile.key
   
2. .Copy the .key file, both .crt files (one is the server certificate and the other is the intermediate CA certificate), and the httpd.conf file onto a diskette or CD.
   
   <filename>.key ? private key
   <filename>.crt ? server certificate
   <filename>.crt ? intermediate CA certificate
   httpd.conf - Web server configuration file
   
   

1. Access the directory where the keystore was saved. If you specified a name for the keystore the keystore will by default be saved to your JDK/bin directory. If no keystore (-keystore omitted from the command) name was specified the keystore will be saved to your local profile directory as a .keystore file ( i.e C:\Documents and Settings\your name\.keystore)
2. Make a copy of the keystore file, preferably to a removable disk, in case of a system crash. If you are running Tomcat on Linux please use the following command to copy your keystore to a disk: cp mykeystore /mnt/floppy/

1. Locate the alias directory within the iPlanet directory.
2. Locate the files: https < server_name > cert7.db and https key3.db
3. Copy them.

1. From the menu bar, select Edit > Preferences.
2. Double-click the Privacy and Security category.
3. Click the Certificates category.
4. Click Manage Certificates.
5. Select the certificate that you want to export and then click Backup.
6. Specify the name of the file and folder that will hold the exported certificate and private key. Click Save.
7. Enter the master password for the Software Security Device and then click OK.
8. Enter a password that will control access to the backup file. Store this password in a safe location. Click OK.
9. A message confirms that the backup procedure was successful. Click OK.