Blog‎ > ‎

Re-assign Private Key to Another Certificate

posted May 7, 2012, 3:30 PM by Jeremy Walker   [ updated May 7, 2012, 3:31 PM ]
I ran into a problem today with a newly regenerated UCC Certificate from Go Daddy.

I added a new SAN (Subject Alternative Name) to a pre-existing certificate then re-generated it, all from the Go Daddy website. The website gave me the certificate signed with the public key as usual, but I didn't have an already existing request in progress on the server. I found this article on the inter-webs:

Thank you John!

Here's a brief overview:
  1. Install OpenSSL for Windows from
  2. Export the Private Key and Certificate from Certificates MMC Snap-In.
  3. Separate the Private Key from the PFX file:
    openssl pkcs12 -in original.pfx -out privatekey.pem -nocerts
  4. Merge the Private Key and the New Certificate from Go Daddy:
    openssl pkcs12 -export -out new.pfx -inkey privatekey.pem -in gdcert.crt
  5. Import the new PFX file.
If this is for Exchange 2010 use the Exchange Console to import the PFX file.

Don't forget to give the new certificate a Friendly Name. You can do that by viewing the certificate in MMC, clicking Details, Edit Properties, then typing in a Friendly Name.