CSR – Backing up the private key

Backing up the private key of the pending request

Click the Start Button, select Run, type mmc and select OK
CSR backing PK-1
Click File and select Add/Remove Snap in
CSR backing PK-2
Select Add
CSR backing PK-3
Select Certificates from the Add Standalone Snap-in box and click Add
CSR backing PK-4
Select Computer Account (NOTE: This step is very important. It must be the computer account and no other account) and click Next
CSR backing PK-5
Select Local Computer and select Finish
CSR backing PK-6
Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in
Return to the MMC

Look for a folder named Request or Certificate Enrolment Requests. Under this folder, you can see the Certificates folder. You can see the corresponding key for the certificate request key that you made earlier.

Select the key that you want to back up.

Right-click the key, click All Tasks, and then click Export.
CSR backing PK-7
When the Certificate Export Wizard starts, click Next on the Welcome page.
CSR backing PK-8
Select Yes, export the private key, and then click Next.
CSR backing PK-9
On the Export File Format page, accept the default settings, and then click Next. Note that Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above) is selected.
CSR backing PK-10
Type and confirm a password for the private key, and then click Next.
CSR backing PK-11
On the File to Export page, save the key (which is a .pfx file) on a set location, and then click Next. It is important to make a copy of the private key that does not reside on the actual server in case the server crashes.
CSR backing PK-12
Click Finish. You receive a message that states that the export was successful.
CSR backing PK-13
Note : If you do not have the backup of the private key of the pending request, you must make a new certificate request, because there is no way to install the certificate for the corresponding request once it is removed or lost.

Import the backup copy of the private key of the pending request

If you have a backup copy of the private key of the pending request, follow these steps to import the private key:

Click the Start Button, select Run, type mmc and select OK

CSR backing PK-14

Click File and select Add/Remove Snap in

CSR backin PK-15

Select Add

CSR backing PK-16

Select Certificates from the Add Standalone Snap-in box and click Add

CSR backing PK-17

Select Computer Account (NOTE: This step is very important. It must be the computer account and no other account) and click Next

CSR backing PK-18

Select Local Computer and select Finish

CSR backing PK-19

Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in
Return to the MMC.

Look for a folder named Request or Certificate Enrolment Requests. Under this folder, you can see the Certificates folder.

Right-click the Certificates folder, click All Tasks, and then click Import.

CSR backing PK-20

When the Certificate Import Wizard starts, click Next.

CSR backing PK-21

Locate and select the private key (.pfx) file of the pending request that you backed up, and then click Next.

CSR backing PK-22

Type the password for the private key (this is the password that you specified when you backed up the private key for the pending request), and then select Mark the Private key as exportable. Click Next.

CSR backing PK-23

Select Place all certificates in the following store. Make sure that the default certificate store is REQUEST, and then click Next.

CSR backing PK-24

On the Completing the Certificate Import Wizard page, click Finish. You receive a message that tells you that the import was successful.

CSR backing PK-25

The private key of your pending request is now restored.

Comments are closed.