How do I move the certificate and key from IIS 5 to Apache?

May 25, 2018 in SSL Technical FAQs

How to move my SSL certificate and key from IIS 5.x and 6.x to Apache?

Export to PFX file

1) Please start the Microsoft Management Console (MMC)
2) Add the Certificates Snap-in for the Computer account.
3) Under the Personal section of the MMC there should be a folder called 'Certificates', open it.
4) Right-click on the SSL certificate you'd like to export.
5) Hover over 'All Tasks', from here one should see the option to Export.
6) Go through the wizard, make sure it asks you to export the private key. If not, something is wrong. Possible your user doesn't have admin rights.
7) While going through the wizard, make sure to not include the CA's certificates, this will only complicate things.
8) Once you have dropped out of the wizard you should have a PFX file.

Import Private Key to an Apache readable format

1) Use the following OpenSSL command to obtain both the private key and SSL Certificate.
openssl pkcs12 -in mypkcs12.pfx -out pfxoutput.txt -nodes

2) Open pfxoutput.txt in a text editor.
3) Select all text between:

Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,.........

and place this into a file called: mykey.key (name doesn't really matter all that much)
3) Using the same file in Step #2, grab everything else and put it into another file called: mycert.crt (again, doesn't really matter on the name)
4) Now, you have successfully split the PFX file to both the Certificate and its private key.
5) Proceed to install the certificate as one would do for Apache.

Related Articles

* Certificate Installation: Apache & mod_ssl