To move a SSL certificate from Microsoft IIS 8 to Apache, the certificate must be converted from a PKCS#12 (.p12 or .pfx) to two separate files (private and public key).
Step 1: Export certificate in IIS 8
- From the web server, click Start
- In the Search programs and files field, type manage computer certificates
- From the search suggestions list, click Manage computer certificates
- At the permission prompt, click Yes
- Double click on the Personal folder, and then on Certificates.
- Right Click on the Certificate you would like to backup and choose > All Tasks > Export
- Follow the Certificate Export Wizard to backup your certificate to a .pfx file.
- Choose to ‘Yes, export the private key‘
- Choose to “Include all certificates in certificate path if possible.” (do NOT select the delete Private Key option)
- Enter a password you will remember
- Choose to save file on a set location
- Click Finish
- You will receive a message > “The export was successful.” > Click OK
- The .pfx file backup is now saved in the location you selected.
Step 2: Convert PFX file to compatible files for Apache
Move the .pfx file to the Apache server.
To extract the private key, run the OpenSSL command:
openssl pkcs12 -in <filename>.pfx -nocerts -out key.pem
To extract the certificate (public key), run the OpenSSL command:
openssl pkcs12 -in <filename>.pfx -clcerts -nokeys -out cert.pem