To move or copy a certificate from a Microsoft IIS Server to Amazon Web Services (AWS) HTTPS Load Balancers, please use the following steps below.
Step 1: Export the SSL Certificate from Microsoft IIS
From the Microsoft IIS server, use the following solution for instructions to export a copy of the SSL certificate as a PFX file format.
Solution ID: SO25398 - Exporting an SSL Certificate from IIS
Step 2: Extract the Server Certificate & Private Key
A PFX file contains both the server certificate (also referred to as the signed public key) and the private key in a single file. Amazon Web Services (AWS) requires that these two keys be uploaded as two separate files. With the use of OpenSSL, the following solution are instructions to extract these two key files from the PFX file that was created in Step 1.
Step 3: Remove the Private Key Pass Phrase
AWS cannot utilize a pass phrase/password that typically protects the private key file. With the use of OpenSSL, the following solution are instructions to remove the pass phrase off of the private key file.
Step 4: Obtaining the Intermediate CA Chaining Certificate
If the PFX file (created from Step 1) was exported with the option to include the Intermediate CA chaining certificates, then during the extracting of the server certificate and private key files (from Step 2), there would have also been additional certificate files extracted known as the Intermediate CA certificate chaining files. If there were no Intermediate CA certificate files found from the PFX file, then use the following link to obtain the Intermediate CA certificate.
Solution ID: INFO1384 - Intermediate CA Certificates
Step 5: Uploading All SSL Files to Amazon Web Services (AWS)
There should be three SSL files now in possesion. The Private Key file, the Server Certificate file, and the Intermediate CA certificate file. With the use of these three files, the following solution are instructions to upload and install them as the SSL to Amazon Web Services (AWS).