For backing up or replatforming a certificate, use the MOVEit Transfer Backup and Restore utilities. These utilities handle the backing up and restoring of both server and client SSL certificates loaded on the system.
Otherwise, if you need to export and import certificates manually, consider these guidelines:
When exporting a certificate from one machine and importing it on another machine using the Microsoft certificate facility, consider the following:
By default, Microsoft tries to export certificates without their private keys. Be sure to select the export private key option on the appropriate configuration dialog.
Microsoft lets you import server certificates without private keys. Although this feature is essential when defining some external certificates, the silent acceptance of these certificates often leads administrators to believe that they have successfully exported/imported a server certificate even though the private key was not moved.
To determine whether you performed an export/import procedure properly: When you try to import a certificate, if you are prompted for a password, it is likely that you did the procedure correctly. A password is required to unlock the private key from an export file.
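As an added check that is not part of the original MOVEit documentation, the following PowerShell lists the server certificates in the local machine's Personal store and reports whether each one has a private key after the import. The store path Cert:\LocalMachine\My and the Server Authentication filter are assumptions about where and how the server certificate is installed; the function name Test-ServerAuth is hypothetical.

```powershell
# Added example: report whether server certificates in the local machine
# store actually have a private key after an import.
# Assumption: the server certificate is installed in Cert:\LocalMachine\My.
$storePath     = 'Cert:\LocalMachine\My'
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

# Hypothetical helper: true if the certificate is usable for server authentication.
function Test-ServerAuth {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # A certificate with no EKU extension is not restricted to any purpose.
    if (-not $eku) { return $true }
    return [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })
}

# Build one row per candidate server certificate.
$report = Get-ChildItem -Path $storePath |
    Where-Object { Test-ServerAuth $_ } |
    ForEach-Object {
        [pscustomobject]@{
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey
        }
    }

$report | Format-Table -AutoSize

# Flag the silent-import case: certificate present, private key absent.
$missing = @($report | Where-Object { -not $_.HasPrivateKey })
if ($missing.Count -gt 0) {
    Write-Warning ("{0} server certificate(s) were imported without a private key." -f $missing.Count)
}
```

A row with HasPrivateKey set to False for the certificate you just imported means the export file did not contain the private key.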
Common scenarios for exporting a server certificate:
You want a backup copy of the certificate so you can quickly restore the entire server if anything bad happens.
You are "replatforming" an existing secure server.
You do not have the funds to buy a certificate for a development or test box and you want to use a real certificate from your production box.
You need to deliver the PUBLIC part of your certificate to a client for installation before that client will be allowed to connect. In this case, you do NOT export your private key.
Errors that indicate improper export or import of a server certificate
The following errors in the secure FTP server logs, secure web server logs, or client displays might indicate that you improperly exported/imported a server certificate (with its private key):
Your MOVEit Transfer FTP server logs report a "Not Loaded" certificate error.
A locally installed copy of MOVEit Freely reports a "Handshake Error" when connecting to any valid FTP port on localhost.
https:// connections to your web server are not logged in the IIS web logs.
While running Internet Explorer on the same box as your web server, you get a "site not available" response when trying to connect to your web site via any https:// URL (e.g., https://localhost/help.htm).
Exporting the MOVEit Transfer SSL Server Certificate Without Private Key (for import into various FTP clients)
Some FTPS (FTP/SSL) clients must import the MOVEit Transfer SSL certificate, and possibly any root or intermediary CA certificates in the certification path, before the client can establish an FTPS connection with MOVEit Transfer. Because the same SSL certificate is used by both IIS (https) and MOVEit Transfer FTP (ftps), you can export the certificates using Internet Explorer.
To export the MOVEit Transfer host SSL certificate:
Connect to MOVEit Transfer using Internet Explorer (e.g., https://moveit.stdnet.com).
Double-click the padlock in the status bar.
Click the Details tab.
Click Copy to File to start the Certificate Export Wizard.
Follow the prompts to export the certificate in the desired format. If you're not sure which format, try Base-64.
To export the root CA and any intermediate CA certificates in the certification path:
Connect to MOVEit Transfer using Internet Explorer (e.g., https://moveit.stdnet.com).
Double-click the padlock in the status bar.
Click the Certification Path tab.
Click to select the certificate you want to export.
Click View Certificate. A dialog box opens.
Click the Details tab.
Click Copy to File to start the Certificate Export Wizard.
Follow the prompts to export the certificate in the desired format.