Move certificates<\/h3>\n\nSelf-issued certificates<\/strong><\/p>\nMigrating self-issued certificates is not supported. Users must transfer the Certificate Distribution Package in the new server to removable media, and then they must re-install the self-issued certificates on the remote computers that are not joined to the domain.<\/p>\n
Trusted certificates<\/strong><\/p>\nIf you purchased a trusted certificate, and it is available to export, you can move the certificate to Windows SBS\u00a02011 Standard. To move a certificate, use the following procedures to export it from the Source Server, import it to the Destination Server, and then run the Add a Trusted Certificate Wizard to connect the certificate to Remote Web Access.<\/p>\n
To export a trusted certificate from the Source Server<\/h4>\n\n\n- On the Source Server, click Start<\/strong>, click Run<\/strong>, type mmc.exe<\/strong>, and then press ENTER.<\/li>\n
- On the console, click File<\/strong>, and then click Add\/Remove Snap-in<\/strong>.<\/li>\n
- Click Add<\/strong>, choose Certificates<\/strong> from the list, click Add<\/strong>, and then click OK<\/strong>.<\/li>\n
- In the pop-up window that appears, click Computer Account<\/strong>, click Finish<\/strong>, and then click OK<\/strong>.<\/li>\n
- Expand Certificates<\/strong>, expand Personal<\/strong>, and then click Certificates<\/strong>.<\/li>\n
- Right-click the certificate that is issued to your website (for example: remote.contoso.com), click All Tasks<\/strong>, and then click Export<\/strong>.\n\n
\n\n\n![\"note\"](\"http:\/\/i.technet.microsoft.com\/areas\/global\/content\/clear.gif\" "\\"note\\"")
Note<\/th>\n<\/tr>\n \nThere may be multiple certificates with the same name. Ensure that you choose a certificate that has a valid expiration date and that was issued by a trusted authority. If you are not sure which certificate to use, open Internet Information Services (IIS), determine which certificate IIS is using on the Source Server, and then choose the same certificate.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n <\/p>\n<\/div>\n<\/li>\n
- In the Certificate Export Wizard, click Next<\/strong>.<\/li>\n
- Ensure Yes, export the private key<\/strong> is selected, and then click Next<\/strong>.<\/li>\n
- Ensure Include all certificates in the certificate path if possible<\/strong> and Export all extended properties<\/strong> are selected, and then click Next<\/strong>. Do not select Delete the private key if the export is successful<\/strong>.<\/li>\n
- Type a password to protect the certificate file, and then click Next<\/strong>.<\/li>\n
- Choose a location to save the .pfx file (for example, C:\\trustedcert.pfx<\/strong>), and then click Next<\/strong>.<\/li>\n
- Finish the wizard.<\/li>\n<\/ol>\n<\/div>\n
To import the trusted certificate to the Destination Server<\/h4>\n\n\n- Move the trustedcert.pfx<\/strong> file to the Destination Server by using the network or a USB flash drive.<\/li>\n
- On the Destination Server, click Start<\/strong>, type mmc.exe<\/strong>, and then press ENTER.<\/li>\n
- On the console, click File<\/strong>, and then click Add\/Remove Snap-in<\/strong>.<\/li>\n
- Choose Certificates<\/strong> from the list, and then click Add<\/strong>.<\/li>\n
- In the pop-up window that appears, select Computer Account<\/strong>, click Finish<\/strong>, and then click OK<\/strong>.<\/li>\n
- Expand Certificates<\/strong>, expand Personal<\/strong>, and then click Certificates<\/strong>.<\/li>\n
- Right-click Certificates<\/strong>, click All Tasks<\/strong>, and then click Import<\/strong>.<\/li>\n
- On the Certificate Import Wizard Welcome<\/strong> page, click Next<\/strong>.<\/li>\n
- Browse to the location of the saved .pfx file, and then click Next<\/strong>.<\/li>\n
- Type the password that you typed in the Export procedure, ensure that Mark this key as exportable<\/strong> and Include all extended properties<\/strong> are selected, and then click Next<\/strong>.<\/li>\n
- Ensure that the certificate is imported to the Personal<\/strong> folder, and then click Next<\/strong>.<\/li>\n
- Finish the wizard.<\/li>\n<\/ol>\n<\/div>\n
To ensure that the Destination Server is using the newly imported certificate, run the Add a Trusted Certificate Wizard:<\/p>\n
To run the Add a Trusted Certificate Wizard<\/h4>\n\n\n- Open the Windows SBS\u00a02011 Standard Console.<\/li>\n
- On the navigation bar, click the Network<\/strong> tab, and then click Connectivity<\/strong>.<\/li>\n
- In the task pane, click Add a trusted certificate<\/strong>.<\/li>\n
- On the Welcome<\/strong> page, read the information, and then click Next<\/strong>.<\/li>\n
- On the Get the certificate<\/strong> page, click I want to use a certificate that is already installed on the server<\/strong>, and then click Next<\/strong>.<\/li>\n
- On the Choose an installed certificate<\/strong> page, click the certificate that you just imported, and then click Next<\/strong>.\n\n
\n\n\nNote<\/th>\n<\/tr>\n \nIf you cannot find the certificate that you just imported in the previous step, double-check whether the Internet address that is configured on the Destination Server is exactly the same as the one on the Source Server.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n <\/p>\n<\/div>\n<\/li>\n
- When the wizard finishes, click Finish<\/strong>.<\/li>\n
- We recommend that you upgrade to a\u00a02048-bit certificate if you were using a 1024-bit certificate.<\/li>\n<\/ol>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
Migrated SBS 2008 to SBS 2011 and I needed to move the SSL over to the new server (granted it’s expiring in a couple of months). http:\/\/technet.microsoft.com\/en-us\/library\/gg563798.aspx Move certificates Self-issued certificates Migrating self-issued certificates is not supported. Users must transfer Continue reading SBS 2011 Migration – Moving the SSL over<\/span>
Self-issued certificates<\/strong><\/p>\n Migrating self-issued certificates is not supported. Users must transfer the Certificate Distribution Package in the new server to removable media, and then they must re-install the self-issued certificates on the remote computers that are not joined to the domain.<\/p>\n Trusted certificates<\/strong><\/p>\n If you purchased a trusted certificate, and it is available to export, you can move the certificate to Windows SBS\u00a02011 Standard. To move a certificate, use the following procedures to export it from the Source Server, import it to the Destination Server, and then run the Add a Trusted Certificate Wizard to connect the certificate to Remote Web Access.<\/p>\n <\/p>\n<\/div>\n<\/li>\n To ensure that the Destination Server is using the newly imported certificate, run the Add a Trusted Certificate Wizard:<\/p>\n <\/p>\n<\/div>\n<\/li>\n Migrated SBS 2008 to SBS 2011 and I needed to move the SSL over to the new server (granted it’s expiring in a couple of months). http:\/\/technet.microsoft.com\/en-us\/library\/gg563798.aspx Move certificates Self-issued certificates Migrating self-issued certificates is not supported. Users must transfer Continue reading SBS 2011 Migration – Moving the SSL over<\/span>To export a trusted certificate from the Source Server<\/h4>\n
\n
\n\n
\n Note<\/th>\n<\/tr>\n\n There may be multiple certificates with the same name. Ensure that you choose a certificate that has a valid expiration date and that was issued by a trusted authority. If you are not sure which certificate to use, open Internet Information Services (IIS), determine which certificate IIS is using on the Source Server, and then choose the same certificate.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n To import the trusted certificate to the Destination Server<\/h4>\n
\n
To run the Add a Trusted Certificate Wizard<\/h4>\n
\n
\n\n
\n Note<\/th>\n<\/tr>\n\n If you cannot find the certificate that you just imported in the previous step, double-check whether the Internet address that is configured on the Destination Server is exactly the same as the one on the Source Server.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n