Backing up your Private Key using IIS

18 Dec

I recently wrote a brief guide about using an SSL with PRTG.

I’ve also since replaced all my certificates with SHA-2 wildcard as SHA-1 will soon be phased out.

I then needed to import this wildcard certificate into PRTG, there are a few steps to this.

Firstly, I used IIS to create the certificate request (CSR) and then uploaded the CSR to the website who were providing me with the certificate.

The certificate was delivered and is contained a few files, the actual certificate and then a few other root certificates.

The step that’s missing from all of this is the actual backing up of you private key (This private key is required by PRTG when installing a new certificate)

To backup your Private Key, open MMC and add the Certificates snap-in for Local Computer.

Navigate to Certificates (Local Computer) > Certificate Enrolment Requests > Certificates.

find your certificate and the go to All Tasks > Export

Use the default settings, set a password and export the .pfx (Personal Information Exchange) file.


Take this .pfx file and then use OpenSSL (You can get it it here or here) to convert it to RSA Private Key Format.

Set OPENSSL_CONF=c:\openssl-win32\bin\openssl.cfg 
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
openssl rsa -in key.pem -out mykey.key

You will then mykey.key which is your unencrypted private key.