SSL certificate maximum validity is being reduced to 200 days from March 2026. Read more →

SSL Certificates

Cheap SSL DV SSL Wildcard SSL Multi-Domain (SAN) OV & EV SSL

Specialty Certificates

Code Signing Document Signing Email / S/MIME VMC / BIMI
In effect now Certificate Lifetime

Automation

Overview Auto DNS FairSSL vs Let's Encrypt

Platforms

Windows Setup Linux & Kubernetes Appliances ACME Clients

Tools

SSL Scanner Certificate Decoder CAA Generator

Guides

Windows Server Linux & Open Source All guides

Company

About Us Contact Installation Service
News

Language

Dansk Svenska English

Currency

Login Create Account
IIS / Windows Server Easy ~3 min. read

IIS 7: Exporting to PFX

Export an SSL certificate from IIS 7.0 or 7.5 to a PFX backup file using MMC. For Windows Server 2008 and 2008 R2.

IIS 7/7.5 (EOL januar 2016)

Products that no longer receive updates.

IIS 7: Exporting to PFX

Overview

This guide demonstrates how to export an installed SSL certificate from IIS 7.0 or 7.5 to a PFX file (PKCS#12) on Windows Server 2008 / 2008 R2. Exporting to PFX is necessary when you need to:

  • Create a backup of the certificate along with its private key
  • Migrate the certificate to a new server (e.g. when upgrading to Windows Server 2022 or 2025)
  • Import the certificate into a different application
Note: IIS 7.0 and 7.5 on Windows Server 2008/2008 R2 reached End of Life (EOL) in January 2016. We strongly recommend upgrading to Windows Server 2022 or 2025. You can export the certificate to PFX and import it onto the new server using our IIS 8-10: PFX import guide.

Prerequisites

  • Windows Server 2008 or 2008 R2 running IIS 7.0 or 7.5
  • Administrative access to the server
  • The certificate must be installed with an exportable private key

Step 1 – Open MMC and add the Certificates snap-in

  1. Log in to the server with administrator privileges.
  2. Press Windows + R, type mmc.exe and click OK.
  3. Select FileAdd/Remove Snap-in.
  4. Select Certificates and click Add.
  5. Choose Computer account and click Next.
  6. Select Local computer, then click Finish followed by OK.

[Screenshot: MMC → Add/Remove Snap-in → Certificates]

Step 2 – Export the certificate

  1. Navigate to Certificates (Local Computer)PersonalCertificates.
  2. Right-click the certificate you wish to export → All TasksExport.
  3. Select Yes, export the private key. Click Next.
  4. Choose Personal Information Exchange - PKCS #12 (.PFX). Tick Include all certificates in the certification path if possible. Click Next.
  5. Tick Password and enter a strong password for the PFX file. Click Next.
  6. Choose a filename and location (e.g. C:\backup\example-com.pfx). Click Next and then Finish.

[Screenshot: MMC → Personal → Certificates → Export → PFX]

Troubleshooting

  • "Yes, export the private key" is greyed out: The private key was not marked as exportable during the initial import. You will need to re-import the certificate from the original PFX file with Mark this key as exportable enabled, or generate a new CSR and have the certificate reissued.
  • "The export failed": Ensure you have full administrative rights and verify that the certificate actually has a private key associated with it.

Security

  • Always use a strong password for PFX files (minimum 16 characters).
  • Delete PFX files from temporary locations immediately after use.
  • Store backup PFX files in a secure, encrypted location.

Next Steps: Upgrading

If you are exporting the certificate to migrate to a newer server, refer to our IIS 8-10: PFX import guide for instructions on Windows Server 2012 through 2025.

Strengthen your TLS security

Use IIS Crypto to easily configure secure TLS protocols and cipher suites on your Windows Server.

IIS Crypto TLS configuration guide
Back to guides

Ready to create a free account?

Create a free account and issue your first certificate in under 10 minutes.

Create free account Compare certificates