Ask a Question

How to move a SSL certificate from Apache to IIS 7

Solution

To install a SSL certificate from Apache to Microsoft IIS 7 server, perform the following steps.
 
Step 1: Export certificate from Apache in PKCS#12 format
 
  1. Locate the separate parts of the certificate - the private key, the server certificate and the intermediate CA certificate. They will be configured in Apache as follows (with differences for file paths and names):
     
    SSLCertificateFile /path/to/ssl-cert.crt
     
    SSLCertificateKeyFile /path/to/private.key
     
    SSLCACertificateFile /path/to/intermediate-ca.crt
     
  2. Export the certificate with the following OpenSSL command - change the file paths as appropriate:

    openssl pkcs12 -export -in /path/to/ssl-cert.crt -inkey /path/to/private.key -certfile /path/to/intermediate-ca.crt -out cert-export.pfx
     
  3. Copy the resultant .pfx file to the IIS 7 server.

 

Step 2:  Import certificate in IIS 7

  1. Open the IIS Manager.
  2. Select the server to manage on the left, double-click on Server Certificates on the right.
  3. Under Actions, click Import...
  4. Click the '...' button and browse to the .pfx file copied to the server in Part 1, select the .pfx file and click Open.
  5. Type the password specified when exporting the certificate in Part 1, select the option box Allow this certificate to be exported and click OK.
  6. The certificate should now appear in the Server Certificates window.
     

Step 3: Binding certificate to the web site:

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager.
  2. Browse to your server name > Sites > Your SSL-based site.
  3. From the Actions pane, choose Bindings.
  4. In the Site Bindings window, choose Add.
  5. From the Add Site Bindings window, provide the binding type.
  6. Select the SSL certificate that will be used for this site.
  7. Click OK.


Step 4:  Verify certificate installation

  1. Optional: Stop and Start your Web server prior to testing.
    Note: In some cases the changes may not take place after restarting IIS Services and a re-boot is needed.
  2. To verify the SSL certificate installation, use the Symantec Certificate Installation Checker