Moving SSL Certificate from IIS to Apache
This procedure will help you to move or copy your SSL certificate, installed on an IIS server to an Apache server.
Step 1: Export IIS certificate into a .PFX file
- Run mmc.exe
- Click the ‘Console’ menu and then click ‘Add/Remove Snap-in’.
- Click the ‘Add’ button and then choose the ‘certificates’ snap-in and click on ‘Add’.
- Select ‘Computer Account’ then click ‘Next’.
- Select ‘Local Computer’ and then click ‘OK’.
- Click ‘Close’ and then click ‘OK’.
- Expand the menu for ‘Certificates’ and click on the ‘Personal’ folder.
- Right click on the certificate that you want to export and select ‘All tasks’ -> ‘Export’.
- A wizard will appear. Make sure you check the box to include the private key and continue through with this wizard until you have a .PFX file.
Step 2: Extract the private key
Export the private key file from the .PFX file.
$ openssl pkcs12 -in filename.pfx -nocerts -out key.pem
Step 3: Extract the certificate file
Export the certificate file from the .PFX file.
$ openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
Step 4: Remove the passphrase
This command removes the passphrase from the private key so Apache won’t prompt you for your passphase when it starts.
$ openssl rsa -in key.pem -out server.key
Make sure that the following lines are present in your apache virtual host configuration file and they are correct:
SSLEngine on SSLOptions +StrictRequire SSLCertificateFile /path/to/certificate/cert.pem SSLCertificateKeyFile /patch/to/key/server.key
Don’t forget to restart apache at the end.