IIS (.pfx) SSL Certificate to Apache (.crt and .key)

Hello everyone,

This article comes from the RapidSSL knowledge base. I will not rewrite it to make it my own. Useless. I can just confirm that it is well explained and works as expected, as I had to do it.

To move an SSL certificate from Microsoft IIS 7.0 to Apache, the certificate must be converted from PKCS#12 (.p12 or .pfx) into two separate files: the private key and the certificate (public key).

Step 1: Export certificate in IIS 7

  1. From the web server, click Start
  2. In the Search programs and files field, type mmc
  3. From the Programs list, click mmc.exe
  4. At the permission prompt, click Yes
  5. From the Microsoft Management Console (MMC), click File > Add/Remove Snap-in
  6. From the list of snap-ins, select Certificates
  7. Click Add
  8. Select Computer account
  9. Click Next
  10. Select Local computer (the computer this console is running on)
  11. Click Finish
  12. In the Add/Remove Snap-in window, click OK
  13. Save these console settings for future use
  14. Double click on Certificates (Local Computer) in the center window.
  15. Double click on the Personal folder, and then on Certificates.
  16. Right-click the certificate you would like to back up and choose All Tasks > Export
  17. Follow the Certificate Export Wizard to back up your certificate to a .pfx file.
  18. Choose “Yes, export the private key”
  19. Choose “Include all certificates in certificate path if possible.” (do NOT select the delete Private Key option)
  20. Enter a password you will remember
  21. Choose to save file on a set location
  22. Click Finish
  23. You will receive the message “The export was successful.” Click OK
  24. The .pfx file backup is now saved in the location you selected.

Step 2: Convert PFX file to compatible files for Apache

Move the .pfx file to the Apache server, or install OpenSSL on your Windows machine ( https://slproweb.com/products/Win32OpenSSL.html ).

To extract the private key, run the OpenSSL command:
openssl pkcs12 -in <filename>.pfx -nocerts -out key.pem

To extract the certificate (public key), run the OpenSSL command:
openssl pkcs12 -in <filename>.pfx -clcerts -nokeys -out cert.pem

cert.pem can be renamed to server.crt if needed.

If you do not want a passphrase on the private key, the following command writes an unencrypted copy of it:

openssl rsa -in key.pem -out server.key

You can now use server.crt and server.key in your Apache configuration.
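
The Step 2 commands as a non-interactive script, followed by a check that the extracted key and certificate belong together. This is an added example, not part of the RapidSSL article: the function names, the file layout and the throwaway self-signed sample PFX are constructed for illustration, and an RSA key is assumed.

```shell
#!/bin/sh
# Added example, not from the RapidSSL article; function names are hypothetical.

# Step 2 without prompts: the PFX password is read from a file, so it never
# shows up in the process list or shell history.
pfx_to_apache() {   # usage: pfx_to_apache <file.pfx> <password-file> <out-dir>
    pfx=$1; pass=$2; out=$3
    ( umask 077     # every file holding the private key is owner-only from creation
      mkdir -p "$out" &&
      # -nodes writes the key unencrypted, so no export passphrase is asked for
      openssl pkcs12 -in "$pfx" -passin "file:$pass" -nocerts -nodes \
              -out "$out/key.pem" 2>/dev/null &&
      openssl pkcs12 -in "$pfx" -passin "file:$pass" -clcerts -nokeys \
              -out "$out/server.crt" 2>/dev/null &&
      # openssl rsa drops the "Bag Attributes" text and leaves a clean PEM key
      openssl rsa -in "$out/key.pem" -out "$out/server.key" 2>/dev/null &&
      rm -f "$out/key.pem" )
}

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {   # usage: key_matches_cert <server.key> <server.crt>
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Constructed sample input: a throwaway self-signed certificate packed into a PFX.
make_sample_pfx() {   # usage: make_sample_pfx <dir> <password-file>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
            -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
            -passout "file:$2" -out "$1/sample.pfx" 2>/dev/null
}

# Demo run in a private temporary directory (constructed password, test data only).
demo=$(mktemp -d)
printf '%s\n' 'constructed-demo-password' > "$demo/pass"
make_sample_pfx "$demo" "$demo/pass" &&
pfx_to_apache "$demo/sample.pfx" "$demo/pass" "$demo/apache" &&
key_matches_cert "$demo/apache/server.key" "$demo/apache/server.crt" &&
echo "server.key matches server.crt"
```

Running key_matches_cert on the real server.key and server.crt before pointing Apache at them catches an export of the wrong certificate.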
