Ask a Question

Move a SSL certificate from Microsoft IIS 5.0, 6.0, 7.0 or 8.0 to Apache

Solution

To move an SSL certificate from Microsoft IIS 5.0, 6.0, or 7.0 to Apache, the certificate must be converted from a PKCS#12 (.p12 or .pfx) to two separate files (private and public key).

 

Step 1: Export SSL certificate from Microsoft IIS 5.0, 6.0, or 7.0

Export the Certificate from you current IIS server with this solution: SO25398 

Find the .pfx file created on the location selected. This file will be converted in Step 2.


Step 2:  Convert PFX file to compatible files for Apache

Move the .pfx file to the Apache server.

To extract the private key, run the OpenSSL command:
openssl pkcs12 -in <filename>.pfx  -nocerts -out key.pem
 
To extract the certificate (public key), run the OpenSSL command:
openssl pkcs12 -in <filename>.pfx -clcerts -nokeys -out cert.pem


Step 3: Install SSL certificate for Apache 
 

For installation instructions, refer to Thawte knowledge base article: SO1498
 
If these steps are unsuccessful, and you are not able to export your SSL certificate from IIS to Apache, you will need to create a new CSR and Revoke and Replace your certificate. Please see the instructions on solution: SO470
 
If you do not want to include a passphrase you can use the following command:

openssl rsa -in key.pem -out server.key