SSL certificates are not the easiest objects to work with. It can be time-consuming if you have to install the same certificate over a number of machines?for example, in a clustered or NLB environment. It's also vital that you keep a copy of your IIS SSL certificates in case of system failure.
To ease the process, you can use IISCertDeploy.vbs, a small VBScript application for extracting, converting, and deploying SSL certificates.
The program uses the Personal Information Exchange (PFX) format for storing the certificates.
The PFX formats allow you to set a password to secure your certificate information. I highly recommend this in case the certificate is lost or stolen?without a password, the certificate could be used elsewhere.
You can export the certificate from the default Web site using
IISCertDeploy.vbs -e exportcert.pfx -p password
The argument after -e specifies the name of the file to save the certificate in, and the argument after -p defines the password to be stored in the PFX file. You'll need this password if you ever want to install the certificate from the PFX file on another machine.
To install a certificate, you must have a certificate file from a certificate authority.
At a command prompt, type the following:
IISCertDeploy.vbs -new cert.cer -c cert.pfx -p password -i W3SVC/2
Where cert.cer is the file supplied by the authority, cert.pfx is the PFX file that you want to create in the process, and password is the password for the PFX File. The -i option defines the site that you want to associate the certificate with.
The process is very similar to installing a certificate in a local site. You just need to supply additional switches and information to tell the script which server and user with administrative privileges to use. For example, to upload the same certificate as before to the server WebServer2 as the Administrator you would type:
IISCertDeploy.vbs -new cert.cer -c cert.pfx -p password -i W3SVC/2 [ic:ccc] -s WebServer2 ?u Administrator ?pwd srvpass