A CA vendor will often let you renew a SSL certificate without regenerating a CSR (although this may not follow best practices). If you do this in Windows, you need to go through some gymnastics to install the CRT you get from back from the CA vendor.
This procedure is also useful to import a certificate from apache to Windows (start by combining the key and crt).
Exporting/Backing up your Certificate/Private Key in MMC (.pfx file format)
1.) Start > Run 2.) Type in MMC and click GO 3.) Go into the Console Tab (or File) > select Add/Remove Snap-in 4.) Click on Add > Double Click on Certificates and click on Add > OK 5.) Select Computer Account 6.) Select Local Computer 7.) Click the + to Expand the Certificates Consol Tree 8.) Look for the Personal directory/folder 9.) In the Personal folder Right Click on the Certificate and choose > ALL TASKS > Export 10.) Follow the Certificate Export Wizard to backup your certificate to a .pfx file 11.) Choose to include the Private Key (do NOT select the delete Private Key option) 12.) Choose to include all certificates in certificate path if possible. 13.) Leave default settings > Enter Password (if required) 14.) Choose to save file on a set location 15.) Finish 16.) You will receive a message > Export Successful 17.) The .pfx file backup is now saved in the location you selected.
openssl pkcs12 -in publicAndprivate.pfx -nocerts -nodes -out privateKey.key
To import your certificate to Windows, you will first need to combine your primary certificate with your private key file in a .pfx type backup file. To do this, use the following command:
# openssl pkcs12 -export -out DigiCertBackup.pfx -inkey your_domain-name.key -in your_domain_name.crt
This creates a backup of your primary certificate called DigiCertBackup.pfx. Copy this file to your IIS Server.
Importing your Certificate/Private Key in IIS (from .pfx file format):
Start > Run Type in MMC and click GO Go into the Console Tab (or File) > select Add/Remove Snap-in Click on Add > Double Click on Certificates and click on Add > OK Select Computer Account Select Local Computer Click the + to Expand the Certificates Consol Tree Right click on the Personal Certificates Store (folder) Choose > ALL TASKS > Import Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate. Close the MMC console. In the case that you are prompted, it is not necessary to save the changes made to the MMC console.
In your IIS manager, right-click on the site that you would like to use the certificate and select properties. Click on the Directory Security Tab and hit the Server Certificate Button. This will start the server certificate wizard. If you are asked what you want to do with the current certificate on the site, choose to remove it, finish the wizard, and click the server certificate button to run the wizard again. Choose to 'Assign an existing certificate' to the site and choose the new certificate that you just imported. Finish the certificate wizard. Restart the server.
Use the openssl command on a linux server, or install cygwin in Windows.