Ask a Question

Solution ID : SO15668

Last Modified : 05/02/2018

Move a SSL certificate from Microsoft IIS 7 to Apache

Solution

To move a SSL certificate from Microsoft IIS 7.0 to Apache, the certificate must be converted from a PKCS#12 (.p12 or .pfx) to two separate files (private and public key).

Step 1: Export certificate in IIS 7

  1. From the web server, click Start
  2. In the Search programs and files field, type mmc
  3. From the Programs list, click mmc.exe
  4. At the permission prompt, click Yes
  5. From the Microsoft Management Console (MMC), click  File > Add/Remove Snap-in
  6. From the list of snap-ins, select Certificates
  7. Click Add
  8. Select Computer account
  9. Click Next
  10. Select Local computer (the computer this console is running on)
  11. Click Finish
  12. In the Add/Remove Snap-in window, click OK
  13. Save these console settings for future use
  14. Double click on Certificates (Local Computer) in the center window.
  15. Double click on the Personal folder, and then on Certificates.
  16. Right Click on the Certificate you would like to backup and choose > All Tasks > Export
  17. Follow the Certificate Export Wizard to backup your certificate to a .pfx file.
  18. Choose to 'Yes, export the private key'
  19. Choose to "Include all certificates in certificate path if possible." (do NOT select the delete Private Key option)
  20. Enter a password you will remember
  21. Choose to save file on a set location
  22. Click Finish
  23. You will receive a message > "The export was successful." > Click OK
  24. The .pfx file backup is now saved in the location you selected.


Step 2:  Convert PFX file to compatible files for Apache

Move the .pfx file to the Apache server.

To extract the private key, run the OpenSSL command:
openssl pkcs12 -in <filename>.pfx  -nocerts -out key.pem
 
To extract the certificate (public key), run the OpenSSL command:
openssl pkcs12 -in <filename>.pfx -clcerts -nokeys -out cert.pem


Step 3: Install SSL certificate for Apache 
 
For installation instructions, refer to RapidSSL knowledge base article: SO6252
 
If these steps are unsuccessful, and you are not able to export your SSL certificate from IIS 7 to Apache, you will need to create a new CSR and reissue your certificate. Please see the instructions on solution: SO5757

 
If you do not want to include a passphrase you can use the following command:

openssl rsa -in key.pem -out server.key