thawte homepage
worldwide sites: Deutsch Français Español Italiano
quick login: site search:
[ sitemap ]
thawte homepage thawte Product Overview thawte partners buy thawte certificates renew thawte certificates thawte trial certificates FREE guides available from thawte thawte Technical Support Contact thawte

Quick feedback: use this form to give us feedback on solutions, links and our site in general.
Technical Support
[ Contact us 24x5 ]

Private key backup instructions

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key or it has been over-written, the certificate will be rendered useless and you will need to reissue your certificate. (reissues are free)

Please note, that thawte does not come into contact with the private key file, nor the password (pass phrase) thereof. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password (pass phrase).

We have documented the backup procedure for the most common web server software platforms. Please see below for a list of the web server software and their corresponding backup instructions:

Apache-SSL / Apache ModSSL
Cobalt Raq 4
Microsoft IIS 4.0
Microsoft IIS 5.0
Microsoft IIS 6.0
Tomcat

Apache-SSL / Apache ModSSL

To backup the private key on Apache, please follow the instructions below:

1. Access the directory where the private key file was stored when created.
2. Use the following command to make a copy of the private key file in case of a server crash, preferably to a removable disk:

cp www.mydomain.com.key /mnt/floppy/

Important: Make a note of the pass phrase that was set on the private key file when it was created. If it is lost or forgotten, the certificate issued will not be able to function without it and you will need to reissue the certificate (this can be done at no extra cost).

Cobalt Raq 4

Follow the instruction below to make a backup of your private key on Cobalt Raq 4:

1. Login to the IP address of the server.
2. Use the administrator userid and the matching password.
3. Change to the directory /home/sites/home/certs else use /home/sites/site_in_question/certs
4. The keyfiles will be located here.
5. Make a copy of the private key.
6. Send a copy of the private key to another network location or to a removable disk.

Microsoft IIS 4.0

To backup a private key on Microsoft IIS 4.0, follow these instructions:

1. Go into Key Manager within IIS 4.0
2. Export a copy of the private key by selecting Key > Export Key> Backup File. The default format is a .key file

3. Store the exported key in a secure location like a disk. It is important to make a copy of the private key that does not reside on the actual server to safeguard against possible loss of the key in the event that the server crashes.

Important: Make a note of the private key password as it will be needed to install the certificate when it is issued.

Microsoft IIS 5.0

To backup a private key on Microsoft IIS 5.0 follow these instructions:

1. Open the MMC (Microsoft Management Console)
From your server, go to Start > Run and enter mmc in the text box. Click on the ‘OK’ button.

2. Add the certificate snapin
a. From your server, go to Start > Run and enter mmc in the text box. Click on the ‘OK’ button.

b. Click on the ‘Add’ button. Select ‘Certificates’ from the list of snap-ins and then click on the ‘Add’ button.

c. Select the Computer account option. Click on the ‘Next’ button.

d. Select the Local computer (the computer this console is running on) option. Click on the ‘Finish’ button.

e. Click on the ‘Close’ button on the snap-in list window. Click on the ‘OK’ button on the Add/Remove Snap-in window.

3. Backup the private key
a.Click on Certificates from the left pane.

b. Look for a folder called ‘REQUEST’ or ‘Certificate Enrollment Requests’ > Certificates

c. Select the private key that you wish to backup. Right click on the file and choose > All Tasks > Export…

d. The certificate export wizard will start, please click ‘Next’ to continue. In the next window select ‘Yes, export the private key’ and click ‘Next’.

e. Leave the default settings selected and click ‘Next’.

f. Set a password on the private key backup file and click ‘Next’.

g. Click on ‘Browse’ and select a location where you want to save the private key Backup the file to this location and then click ‘Next’ to continue. By default the file will be saved with a .pfx extension.

h. Click ‘Finish’ to complete the export process

You will get a message that the export was successful. Please copy the backup file

Microsoft IIS 6.0

To backup a private key on Microsoft IIS 6.0 follow these instructions:

1. Open the MMC (Microsoft Management Console)
From your server, go to Start > Run and enter mmc in the text box. Click on the ‘OK’ button.

2. Add the certificate snapin
a. From the Microsoft Management Console (MMC) menu bar, select Console > Add/Remove Snap-in.

b. Click on the ‘Add’ button. Select ‘Certificates’ from the list of snap-ins and then click on the ‘Add’ button.

c. Select the Computer account option. Click on the ‘Next’ button.

d. Select the Local computer (the computer this console is running on) option. Click on the ‘Finish’ button.

e. Click on the ‘Close’ button on the snap-in list window. Click on the ‘OK’ button on the Add/Remove Snap-in window.

3. Backup the private key
a. Click on Certificates from the left pane.

b. Look for a folder called ‘REQUEST’ or ‘Certificate Enrollment Requests’ > Certificates

c. Select the private key that you wish to backup. Right click on the file and choose > All Tasks > Export…

d. The certificate export wizard will start, please click ‘Next’ to continue. In the next window select ‘Yes, export the private key’ and click ‘Next’.

e. Leave the default settings selected and click ‘Next’.

f. Set a password on the private key backup file and click ‘Next’.

g. Click on ‘Browse’ and select a location where you want to save the private key Backup file to and then click ‘Next’ to continue. By default the file will be saved with a .pfx extension.

h. Click ‘Finish’ to complete the export process

You will get a message that the export was successful. Please copy the backup file

Tomcat

To make a backup of the Keystore, please follow the instructions below:

1. Access the directory where the keystore was saved. If you specified a name for the keystore the keystore will by default be saved to your JDK/bin directory. If no keystore (-keystore omitted from the command) name was specified the keystore will be saved to your local profile directory as a .keystore file (i.e C:\Documents and Settings\your name\.keystore)

2. Make a copy of the keystore file, preferably to a removable disk, in case of a system crash. If you are running Tomcat on Linux please use the following command to copy your keystore to a disk:

cp mykeystore /mnt/floppy/

Important: Make a note of the password which was set on the keystore file when it was generated.

If you lose or cannot access a private key or it has been over-written, you will need to apply for a reissue. Reissues are free of charge. To request a reissue follow the instructions in the following solution: vs13846

search the thawte knowledgebase

Try our top solutions
-
Retrieve your lost thawte ID and password
-
Generate a CSR
-
Test your CSR
-
Backup your Private Key
-
Buy a certificate
-
Required documentation
-
Install SSL Web Server Certificate
-
Install SGC SuperCert
-
Install SSL123 Certificate
-
Display thawte Site Seal on website
-
Renew a certificate
-
Retrieve your Status page password
-
Reissue your certificate
-
Choose a code signing certificate?
-
Sign all your code with a Microsoft Authenticode Certificate
-
Supported browser software
-
Download thawte Root Certificates
Click here for more top solutions.
About thawte | Consumer Awareness | © thawte, Inc. 1995-2007 | Repository | Privacy Policy | Legal Notices