Ask a Question

How to move an SSL certificate from Apache to IIS 7


Step 1: Export certificate from Apache in PKCS#12 format
1. Locate the separate parts of the certificate - the private key, the server certificate and the intermediate CA certificate (or bundle). They will be configured in Apache as follows (with differences for file paths and names):
SSLCertificateFile /path/to/ssl-cert.crt
SSLCertificateKeyFile /path/to/private.key 

SSLCACertificateFile /path/to/intermediate-ca.crt

2. Export the certificate with the following OpenSSL command. Change the file paths as appropriate:

openssl pkcs12 -export -in /path/to/ssl-cert.crt -inkey /path/to/private.key -certfile /path/to/intermediate-ca.crt -out cert-export.pfx

3. Copy the .pfx file to the IIS 7 server


Step 2: Import certificate in IIS 7

1. Open the IIS Manager

2. Select the server to manage on the left, double-click on 'Server Certificates' on the right

3. Under Actions, click 'Import'

4. Click the '...' button and browse to the .pfx file copied to the server in Step 1, select the .pfx file and click 'Open'

5. Type the password specified when exporting the certificate in Step 1, select the option box 'Allow this certificate to be exported' and click 'OK'

Note: The certificate should now appear in the Server Certificates window.


Step 3: Binding certificate to the web site:

1.  Click Start > Administrative Tools > Internet Information Services (IIS) Manager

2.  Browse to Server Name > Sites > Your SSL-based site

3.  From the Actions pane, choose Bindings

4.  In the Site Bindings window, choose Add

5.  From the Add Site Bindings window, provide the binding type

6.  Select the SSL certificate that will be used for this site

7.  Click OK