SSL 101 private key

The location the private key is stored depends on the OS.  Windows stores private keys in an encrypted format at one of the following locations:

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\
C:\Documents and Settings\UserA\Application Data\Microsoft\Crypto\RSA\[UserA's SID]\

Unix/Linux stores the key where ever you tell it to when creating the request.

The private key is generated when you create the CSR on a windows computer. You can use third party tools to create a key pair first and then generate the CSR but if you do it using the windows GUI it all happens at once.

On Unix/Linux it is typical to use openSSL to generate a key pair and then create a CSR.

in the past I have been able to use certificates CRT from go daddy on servers other than the one that made the initial certificate request, and I have been able to use the certs fine, just did an import of the certs into IIS. there must be an private key when I did that right? where would that be?

If you generated the CSR in IIS then you must complete the request on the same server where the CSR was generated. You could then export as a PKCS #12 file (.pfx) which could then be imported to a different server and it would work fine.  

You could also generate a key pair outside IIS for example with OpenSSL (command line) or KeyStore Explorer (GUI) then generate a CSR and import the CA (such as GoDaddy) response but you would still have to export the result to a .pfx file to install it on a different server.

If you import a .crt file from GoDaddy (or any other CA) on a server that did not generate the CSR, it will install but you will not have a private key associated with it and you would not be able to use it for SSL. Notice I said import not complete request. If there is no pending request you cannot complete it in IIS.

In your original post you said you were “…trying to import these certificates into a different server to the one that generated the certificate request.”  You can accomplish that by finishing the request on the server where you generated the CSR then export them to .pfx, move to the appropriate server and install. Don’t forget to bind in IIS after installing.

if there are no pending requests in IIS for certificates you can still import an existing one from the local stores. I believe that's what I have done in the past.. it has been many years ;-D and we haven't had any issues with SSL certs that I have noticed.. am I missing something or forgetting something?

Thanks