Ask a Question

How to move an SSL certificate from Microsoft IIS 5, 6, 7 or 8 to Apache

Solution

To move a SSL certificate from Microsoft IIS 5, 6, 7, or 8 to Apache, the certificate must be converted from a PKCS#12 (.p12 or .pfx) to two separate files (private and public key). 
 
Step 1:  Export SSL certificate from Microsoft IIS 5, 6, 7 or 8
 
For export instructions for Microsoft IIS 5, 6, 7, or 8 please click here for documentation in our Symantec Knowledge Base.
 
Step 2:  Convert PFX file to compatible files for Apache 
 
Move the .pfx file to the Apache server.
 
To extract the private key, run the OpenSSL command: openssl pkcs12 -in <filename>.pfx  -nocerts -out key.pem
 
To extract the certificate (public key), run the OpenSSL command: openssl pkcs12 -in <filename>.pfx -clcerts -nokeys -out cert.pem
 
To extract the intermediate CA certificate, run the OpenSSL command: openssl pkcs12 -in <filename>.pfx -cacerts -out myissuercerts.cer
 
 
Step 3: Install SSL certificate for Apache  
 
 
If these steps are unsuccessful, and you are not able to export your SSL certificate from IIS to Apache, you will need to create a new CSR and Replace the certificate. Please click here for documentation in our Symantec Knowledge Base.
 
If you do not want to include a passphrase you can use the following command: openssl rsa -in key.pem -out server.key