Pete Freitag Pete Freitag

Moving SSL Certs from IIS to Apache

linuxweb

I found some instructions (removed link - no longer works) for converting SSL certificates generated for IIS to private key, and cert files you can use on unix, or Apache for windows.

First Export your IIS certificate into a pfx file (this is something you should do anyways for backup)

  • Run mmc.exe
  • Click the 'Console' menu and then click 'Add/Remove Snap-in'.
  • Click the 'Add' button and then choose the 'certificates' snap-in and click on 'Add'.
  • Select 'Computer Account' then click 'Next'.
  • Select 'Local Computer' and then click 'OK'.
  • Click 'Close' and then click 'OK'.
  • Expand the menu for 'Certificates' and click on the 'Personal' folder.
  • Right click on the certificate that you want to export and select 'All tasks' -> 'Export'.
  • A wizard will appear. Make sure you check the box to include the private key and continue through with this wizard until you have a .PFX file.
Next run openssl to extract the private key, and the cert file.
# Export the private key file from the pfx file
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
# Export the certificate file from the pfx file
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
# This removes the passphrase from the private key so Apache won't
# prompt you for your passphase when it starts
openssl rsa -in key.pem -out server.key


Like this? Follow me ↯

Moving SSL Certs from IIS to Apache was first published on August 27, 2003.

If you like reading about ssl, certificates, iis, apache, or crypto then you might also like:

Want Security Advisories via Email?

Advisory Week is a new weekly email containing security advisories published by major software vendors (Adobe, Apple, Microsoft, etc).

Comments

short and sweet. all seems so clear and refined when someone with real knowledge can give a to-the-point answer
by aditya on 03/29/2005 at 9:33:59 AM UTC
Good stuff, worked perfectly to migrate from IIS6 to Apache 2.2 on Winders. Thanks, Pete.
by Damien McKenna on 05/08/2007 at 1:19:01 PM UTC
Thanks... Helped more than you know...
by Les on 09/16/2010 at 10:24:11 PM UTC