Geração de ficheiro .pfx ou .p7b
Exporting and Restoring a PFX file to IIS
Open up the Microsoft Management Console (MMC).
Start -> Run -> Type 'mmc' (without quotes) and Click OK or hit Enter on your keyboard.
2. Open Add/Remove Snap-in Window.
File -> Add/Remove Snap-in
3. Add the Certificates Snap-in.
Click Add then double-click Certificates
4. Select Computer Account and click Next.
Note: This step is very important. It must be the Computer Account and no other account!
5. Select Local Computer and click Finish
6. Close the Add Standalone Snap-in window and click OK in the Add/Remove Snap-in Window.
7. Click the + (plus) sign next to Personal and click on the Certificates folder.
1. Right-Click on the certificate that is to be exported and select All Tasks -> Export
2. When the Certificate Export Wizard starts, click Next on the Welcome Page.
3. Select Yes, export the private key and then click Next.
4. Leave the default settings that the window presents and click Next.
Note: These are the default settings, but put a check in the box labeled 'Include all certificates in the chain if possible' and leave the rest as is.
5. Type and confirm a password for the PFX file and then click Next.
Note:This is a password you are creating.
6. On the File to Export page, save the file in a safe and easy to remember location (Example: My Documents, C Drive, or Desktop) and then click Next.
Note: Instead of typing in a location you can Browse to a location to save it to by clicking the Browse button.
7. A confirmation page will be displayed upon completion of the previous step. Click Finish to complete the export process.
You will now have PFX file which is ready for transport. This file typically contains just your certificate and private key rolled into one file.
Note:If you selected Include all certificates in the certification path if possible, then your file will contain the full certificate chain with the private key and end entity/domain certificate.
Note: The following steps require you to be inside the Certificate Snap-in part of the MMC, if you are not already there please follow the section above titled Certificate Snap-in.
1. Right-Click on folder labeled Certificates under the Personal folder and select All Tasks-> Import
Import Certificate Wizard appears
2. When the Certificate Import Wizardstarts click Next
3. Browse or type in a location for the PFX file.
4. Type the password to the PFX file in the provided box and click Next.
Note: If you need to re-back up this key when imported, then make sure the box Mark this key as exportable... is checked-off.
5. Select Automatically select the certificate store based on the type of certificate and click Next.
6. On the Completing the Certificate Import Wizard page, click Finish.
7. Close the MMC and in case you are prompted, it is not necessary to save the changes.
You have now successfully completed the Certificate Import wizard.
Placing newly imported certificate into IIS 5.x & 6.x
- Open the IIS Manager
- Right-click on the site that you would like to use the certificate and select Properties.
- Click on the Directory Security tab and click on the Server Certificate button.
- Follow the wizard.
- If there is already a certificate on the website select Replace and then click Next.
Note: If this site does not have a certificate on it already then click Assign... and then click Next.
- Finish the certificate wizard.
- Restart Website
Placing newly imported certificate into IIS 7.x
- Open IIS (Start -> Administrative Tools -> IISM -> Server Name)
- Open Web Sites by left-clicking the tiny triangle to the left of Web Sites.
- Single left-click on the Web Site name. Example: Default Web Site.
- Select Bindings from the Edit Site sub menu. (see image)
- In the next window to come up, single left-click on the type https to select.
- Click Edit.
- Select the appropriate SSL certificateÂ from the SSL certificateÂ drop-down box.
- Click OK to save changes.
- Verify certificate is working on Web Site by visiting the site in your web browser.
. The friendly name is not part of the certificate; instead, it is used to identify the certificate. We recommend that you add DigiCert and the expiration date to the end of your friendly name, for example: yoursite-digicert-(expiration date). This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name. Select a certificate store In the drop-down list, select Web Hosting. for the new certificate:
Now that you've successfully installed your SSL certificate, you need to assign the certificate to the appropriate site.
Assign SSL Certificate
In Internet Information Services (IIS) Manager, in the Connections menu tree (left pane), expand the name of the server on which the certificate was installed. Then expand Sites and click the site you want to use the SSL certificate to secure.
On the website Home page, in the Actions menu (right pane), under Edit Site, click the Bindings… link.
In the Site Bindings window, click Add.
In the Add Site Bindings window, do the following and then click OK:
Type: In the drop-down list, select https. IP address: In the drop-down list, select the IP address of the site or select All Unassigned. Port: Type port 443. The port over which traffic is secure by SSL is port 443. SSL certificate: In the drop-down list, select your new SSL certificate (e.g., yourdomain.com).
Your SSL certificate is now installed, and the website configured to accept secure connections.