To move a SSL certificate from Microsoft IIS 8 to Apache, the certificate must be converted from a PKCS#12 (.p12 or .pfx) to two separate files (private and public key). This guide will show you how to create those files.
Step 1: Export certificate in IIS 8
- From the web server, click Start
- In the Search programs and files field, type manage computer certificates
- From the search suggestions list, click Manage computer certificates
- At the permission prompt, click Yes
- Double click on the Personal folder, and then on Certificates.
- Right Click on the Certificate you would like to backup and choose > All Tasks > Export
- Follow the Certificate Export Wizard to backup your certificate to a .pfx file.
- Choose to ‘Yes, export the private key‘
- Choose to “Include all certificates in certificate path if possible.” (do NOT select the delete Private Key option)
- Enter a password you will remember
- Choose to save file on a set location
- Click Finish
- You will receive a message > “The export was successful.” > Click OK
- The .pfx file backup is now saved in the location you selected.
Step 2: Convert PFX file to compatible files for Apache
If you are a windows user you will need the OpenSSL program / binaries to run these commands in PowerShell. You can find a guide on how to do this here
To extract the private key, run the OpenSSL command:
openssl pkcs12 -in <filename>.pfx -nocerts -out key.pem
EXAMPLE:- openssl pkcs12 -in c:\ssl\myexportedcert.pfx -nocerts -out c:\ssl\key.pem
To extract the certificate (public key), run the OpenSSL command:
openssl pkcs12 -in <filename>.pfx -clcerts -nokeys -out cert.pem
EXAMPLE:- -openssl pkcs12 -in <filename>.pfx -clcerts -nokeys -out c:\ssl\cert.pem
After running the commands above you will end up with 2 files, key.pem and cert.pem ready to be imported into your Apache server.