Migration from Windows Server 2008R2 to Server 2019

My domain is: www.kiweb.de (plus SNI)

We used PKISharp/win-acme Client in order to create the SSL certificates.

We want to migrate our websites from Win Server 2008R2 to Server 2019.

I understand how this works on linux systems but not on windows server.

What ist the best way to migrate the certificates from Server 2008R2 to Server 2019?
Or do we have to create new certificates (with win-acme) on the new server?

Thanks in advance.

1 Like

Hi @Jens_KIWeb

if you use http validation, the ip address must be correct.

So: If your certificates are "old enough", create new certificates on your old server. Then you have 3 months time to switch.

Copy the pfx files to your new server, install the certificates manual, test it.

Switch your dns, so your new server is used.

Then create new certificates with your new server (next 30 - 60 days).

1 Like

Thanks for your quick answer :+1:

Our LE-Certificates are valid until 12th of March.

By “copy the pfx files” you mean that I have to export them through the snap-in manager, right?

I found this tutorial:
https://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-another-windows-server.html

I tried to do that but it is not possible to export the private key and (in the next step) to choose PFX-format. Only CER or P7B is offered. How do I get PFX-Files?

1 Like

That's

client specific. A client can create a .pfx file, import it. Then the pfx file is deleted -> you have to export the certificate. Or the pfx file exists -> you can use it.

If the certificate isn't imported with the "exportable" flag, you can't export it with the private key.

Check the documentation of your client:

  • Option, that the pfx file is saved, not deleted.
  • Option to import a certificate, so it's exportable.
1 Like

In fact we did not set the PrivateKeyExportable-flag when creating the certificates with our Tool.

Is it a problem to create a new certificate on the old server, this time with the right flag?

Thanks again, JĂĽrgen!

1 Like

One certificate isn't a problem.

5 identical, then deleted -> rate limit.

1 Like

Thanks a lot. Great support! :+1:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.