Move a SSL certificate from Microsoft IIS 8 to Apache

To move a SSL certificate from Microsoft IIS 8 to Apache, the certificate must be converted from a PKCS#12 (.p12 or .pfx) to two separate files (private and public key).

Step 1: Export certificate in IIS 8

  1. From the web server, click Start
  2. In the Search programs and files field, type manage computer certificates
  3. From the search suggestions list, click Manage computer certificates
  4. At the permission prompt, click Yes
  5. Double click on the Personal folder, and then on Certificates.
  6. Right Click on the Certificate you would like to backup and choose > All Tasks > Export
  7. Follow the Certificate Export Wizard to backup your certificate to a .pfx file.
  8. Choose to ‘Yes, export the private key
  9. Choose to “Include all certificates in certificate path if possible.” (do NOT select the delete Private Key option)
  10. Enter a password you will remember
  11. Choose to save file on a set location
  12. Click Finish
  13. You will receive a message > “The export was successful.” > Click OK
  14. The .pfx file backup is now saved in the location you selected.

Step 2:  Convert PFX file to compatible files for Apache

Move the .pfx file to the Apache server.

To extract the private key, run the OpenSSL command:
openssl pkcs12 -in <filename>.pfx  -nocerts -out key.pem

To extract the certificate (public key), run the OpenSSL command:
openssl pkcs12 -in <filename>.pfx -clcerts -nokeys -out cert.pem

Leave a Reply