Have a question or solution? Post it at the SSL.com IT Security Q&A community site. All visitors welcome and it's FREE!

SSL Installation Support

Knowledge base and troubleshooting guides for ssl installation issues

How do I move the certificate and key from IIS5 to Apache?
Posted by Leonard Grove on 01 September 2011 04:38 PM

How to move my SSL certificate and key from IIS 5.x and 6.x to Apache?

Export to PFX file.

1) Please start the Microsoft Management Console (MMC)
2) Add the Certificates Snap-in for the Computer account.
3) Under the Personal section of the MMC there should be a folder called "Certificates", open it.
4) Right-click on the SSL certificate you'd like to export.
5) Hover over "All Tasks", from here one should see the option to Export.
6) Go through the wizard, make sure it asks you to export the private key. If not, something is wrong. Possible your user doesn't have admin rights.
7) While going through the wizard, make sure to not include the CA's certificates, this will only complicate things.
8) Once you have dropped out of the wizard you should have a PFX file.

Import Private Key to an Apache readable format

1) Use the following openSSL command to obtain both the private key and SSL Certificate.
-> openssl pkcs12 -in mypkcs12.pfx -out pfxoutput.txt -nodes
2) Open pfxoutput.txt in a text editor.
3) Select all text between

Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,.........

and place this into a file called: mykey.key (name doesn't really matter all that much)
3) Using the same TXT file in Step #2, grab everything else and put it into another file called: mycert.crt (again, doesn't really matter on the name)
4) Now, you have successfully split the PFX file to both the Certificate and its private key.
5) Proceed to install the certificate as one would do for Apache.
(9 votes)
This article was helpful
This article was not helpful

Comments (0)
Post a new comment 
Full Name:
CAPTCHA Verification 
Please enter the text you see in the image into the textbox below. This is required to prevent automated registrations and form submissions.