Ask a Question

Advanced Search

Solution ID : SO28388

Last Modified : 05/02/2018

Move or Copy an SSL Certificate from Microsoft IIS Servers to Amazon (AWS) HTTPS Load Balancers



To move or copy a certificate from a Microsoft IIS Server to Amazon Web Services (AWS) HTTPS Load Balancers, please use the following steps below.

Step 1:  Export the SSL Certificate from Microsoft IIS

From the Microsoft IIS server, use the following solution for instructions to export a copy of the SSL certificate as a PFX file format.

Solution ID:  SO25398 - Exporting an SSL Certificate from IIS

Step 2:  Extract the Server Certificate & Private Key

A PFX file contains both the server certificate (also referred to as the signed public key) and the private key in a single file.  Amazon Web Services (AWS) requires that these two keys be uploaded as two separate files.  With the use of OpenSSL, the following solution are instructions to extract these two key files from the PFX file that was created in Step 1.

Solution ID:  SO5291 - Extracting the Server Certificate & Private Key from a PFX File

Step 3:  Remove the Private Key Pass Phrase

AWS cannot utilize a pass phrase/password that typically protects the private key file.  With the use of OpenSSL, the following solution are instructions to remove the pass phrase off of the private key file.

Solution ID:  SO307 - Remove the Pass Phrase from a Private Key File

Step 4:  Obtaining the Intermediate CA Chaining Certificate

If the PFX file (created from Step 1) was exported with the option to include the Intermediate CA chaining certificates, then during the extracting of the server certificate and private key files (from Step 2), there would have also been additional certificate files extracted known as the Intermediate CA certificate chaining files.  If there were no Intermediate CA certificate files found from the PFX file, then use the following link to obtain the Intermediate CA certificate.

Solution ID:  INFO1384 - Intermediate CA Certificates

Step 5:  Uploading All SSL Files to Amazon Web Services (AWS)

There should be three SSL files now in possesion.  The Private Key file, the Server Certificate file, and the Intermediate CA certificate file.  With the use of these three files, the following solution are instructions to upload and install them as the SSL to Amazon Web Services (AWS).

Solution ID:  SO20424 - Installing an SSL on Amazon Web Services (AWS)