Move a SSL certificate from Microsoft IIS 8 to Apache

To move a SSL certificate from Microsoft IIS 8 to Apache, the certificate must be converted from a PKCS#12 (.p12 or .pfx) to two separate files (private and public key).

Step 1: Export certificate in IIS 8

  1. From the web server, click Start
  2. In the Search programs and files field, type manage computer certificates
  3. From the search suggestions list, click Manage computer certificates
  4. At the permission prompt, click Yes
  5. Double click on the Personal folder, and then on Certificates.
  6. Right Click on the Certificate you would like to backup and choose > All Tasks > Export
  7. Follow the Certificate Export Wizard to backup your certificate to a .pfx file.
  8. Choose to ‘Yes, export the private key
  9. Choose to “Include all certificates in certificate path if possible.” (do NOT select the delete Private Key option)
  10. Enter a password you will remember
  11. Choose to save file on a set location
  12. Click Finish
  13. You will receive a message > “The export was successful.” > Click OK
  14. The .pfx file backup is now saved in the location you selected.

Step 2:  Convert PFX file to compatible files for Apache

Move the .pfx file to the Apache server.

To extract the private key, run the OpenSSL command:
openssl pkcs12 -in <filename>.pfx  -nocerts -out key.pem

To extract the certificate (public key), run the OpenSSL command:
openssl pkcs12 -in <filename>.pfx -clcerts -nokeys -out cert.pem

Secure your IIS web server! SSL best practices.

If you are setting up a windows server that’s going to be dishing out websites using IIS on the web then you really need to make a few changes to default settings when it comes to SSL security and settings.

IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012 and 2016. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement best practices with a single click, create custom templates and test your website.

Screenshot1

For further information and to download the tool visit https://www.nartac.com/Products/IISCrypto

Once you’ve tweaked your configuration (you can’t really go wrong with the “Best Practices” button) you should go and test your sites using something like https://www.ssllabs.com/ssltest/ to see how they fare.

If you’d like to find out more information on SSL and how it works then Bill over at PixelPrivacy has put together an incredibly in-depth guide on how SSL works and what it means to the average user.