Moving SSL Certificate from IIS to Apache

The following steps describe how to export your SSL certificate from IIS so that it can be used in Apache.

This article assumes you have working knowledge of IIS and Apache. Please take backups prior to performing these steps. If you are unsure we suggest contacting a qualified system administrator to perform these steps for you.

  • Run mmc.exe
  • Click the ‘Console’ menu and then click ‘Add/Remove Snap-in’
  • Click the ‘Add’ button then choose the ‘certificates’ snap-in and click on ‘Add’
  • Select ‘Computer Account’ click ‘Next’
  • Select ‘Local Computer’ click ‘OK’
  • Click ‘Close’ and then click ‘OK’
  • Expand ‘Certificates’ and click the ‘Personal’ folder
  • Right click on the certificate that you want to export and select ‘All tasks’ -> ‘Export’ starting the export wizard
  • Check the box to include the private key and complete the wizard
  • You should now have a pfx file
Next we need to extract the private key and the cert file from the pfx file. This can be done using openssl on Apache.

  • Private key export command
    openssl pkcs12 -in [sslcert].pfx -nocerts -out key.pem
  • Remove the password from the pem file we have generated
    openssl rsa -in key.pem -out server.key
  • Certificate export command
    openssl pkcs12 -in [sslcert].pfx -clcerts -nokeys -out cert.pem
Inside your key.pem file you will have your private key.
[Private key will be here]
Copy this segment into your [sslcert].key file

Inside your cert.pem file will be your certificate.
[SSL certificate will be here]
Copy this segment into your [sslcert].cert file

Related Articles