Ask a Question

How to move an SSL certificate from Apache to Windows

Problem

How to create a PKCS#12 file using OpenSSL
How to move SSL certificate from Apache to Windows

Solution

Note: OpenSSL is a third party tool which is not supported by Thawte

To create a PKCS#12 file using OpenSSL follow the steps listed below:

Step 1: Locate the SSL certificate, private key, and Intermediate CA certificate
 
1. The location of these files will be referenced in the 'httpd.conf' or 'ssl.conf' file (depending on which configuration file is used with differences for file paths and names):

SSLCertificateFile /path/to/SSLcertificatename.crt
SSLCertificateKeyFile /path/to/privatekey.key
SSLCACertificateFile /path/to/intermediate.crt

 
2. Run the following OpenSSL command to combine the 3 files into one PKCS#12 file.

openssl pkcs12 -export -in /path/to/SSLcertificatename.crt -inkey /path/to/privatekey.key -certfile /path/to/intermediate.crt -out cert-export.pfx


The following prompts may appear:

  • Loading 'screen' into random state - done
  • Enter pass phrase for privatekey.key: (Enter the private key password)
  • Enter Export Password: (This will be the password for the new PKCS#12 file)
  • Verifying - Enter Export Password: (Confirm the password)


3. Move a copy of the PKCS#12 file to the Windows server

Note: If a location is not specified, the new PKCS#12 file will be located within the directory from where the OpenSSL command was executed.


Step 2: For steps on importing the PKCS#12 file into the Windows server, click here