Moving an SSL certificate from Microsoft IIS 8 to Apache

In this post we will look at how to move an SSL certificate (.pfx) from IIS 8 to an Apache server. Apache requires two files:

1 – Server.key: the private key associated with the certificate
2 – Server.crt: the public SSL certificate issued by the certificate authority

To move an SSL certificate from Microsoft IIS 8.0 to an Apache server, the certificate must be converted from a PKCS#12 (.p12 or .pfx) file into two separate files (the private key and the public certificate).

Step 1: Export certificate in IIS 8

  1. From the web server, click Start
  2. In the Search programs and files field, type mmc
  3. From the Programs list, click mmc.exe
  4. At the permission prompt, click Yes
  5. From the Microsoft Management Console (MMC), click File > Add/Remove Snap-in
  6. From the list of snap-ins, select Certificates
  7. Click Add
  8. Select Computer account
  9. Click Next
  10. Select Local computer (the computer this console is running on)
  11. Click Finish
  12. In the Add/Remove Snap-in window, click OK
  13. Save these console settings for future use
  14. Double click on Certificates (Local Computer) in the center window.
  15. Double click on the Personal folder, and then on Certificates.
  16. Right-click the certificate you would like to back up and choose All Tasks > Export
  17. Follow the Certificate Export Wizard to back up your certificate to a .pfx file.
  18. Choose “Yes, export the private key”
  19. Choose to “Include all certificates in certificate path if possible.” (do NOT select the delete Private Key option)
  20. Enter a password you will remember
  21. Choose to save file on a set location
  22. Click Finish
  23. You will receive a message > “The export was successful.” > Click OK
  24. The .pfx file backup is now saved in the location you selected.

Using OpenSSL, you can extract the certificate and private key from the .pfx file.

To extract the private key from a .pfx file, run the following OpenSSL command:

openssl.exe pkcs12 -in myCert.pfx -nocerts -out privateKey.pem

The private key that you have extracted will be encrypted. To decrypt the file so that it can be used, run the following command:

openssl.exe rsa -in privateKey.pem -out private.pem

The resulting private.pem file should be the key file that you want. Open it in Notepad to make sure no additional information shows up as text in the file. There may be some extra lines displaying the DN and Bag Attributes. Remove all of these from the file so that you end up with something like this:

-----BEGIN RSA PRIVATE KEY-----
(base64-encoded key data)
-----END RSA PRIVATE KEY-----

You can now use this as your Server.key file on your Apache Server.

To get the corresponding Server Certificate, you run the following OpenSSL command:

openssl.exe pkcs12 -in myCert.pfx -clcerts -nokeys -out ServerCert.pem

Now you can use both files on the Apache server: the private key as Server.key and ServerCert.pem as the server certificate (Server.crt).
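
The extraction above can also be scripted on the Apache host, shown here as an added example that is not part of the original post: it drops the Bag Attributes by re-encoding rather than hand-editing, creates the key file readable by its owner only, and confirms that the key and certificate carry the same public key before they are deployed. The PFX_PASS variable, the make_demo_pfx helper and the output file layout are assumptions; openssl pkey writes the key in PKCS#8 form (BEGIN PRIVATE KEY), which Apache also accepts.

```shell
#!/bin/sh
# Added example, not from the original post. PFX_PASS, make_demo_pfx and the
# output file layout are assumptions made for illustration.

# extract_pfx <file.pfx> <outdir>: writes Server.key and Server.crt.
# The PFX password is read from $PFX_PASS so it stays off the command line.
extract_pfx() {
    ep_old=$(umask); umask 077      # key file is created owner-only (0600)
    ep_rc=0
    # Re-encoding through pkey/x509 drops the "Bag Attributes" text lines.
    openssl pkcs12 -in "$1" -nocerts -nodes -passin env:PFX_PASS 2>/dev/null |
        openssl pkey -out "$2/Server.key" 2>/dev/null || ep_rc=1
    umask "$ep_old"
    [ "$ep_rc" -eq 0 ] || return 1
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:PFX_PASS 2>/dev/null |
        openssl x509 -out "$2/Server.crt" 2>/dev/null
}

# key_matches_cert <key> <cert>: true only if both hold the same public key.
key_matches_cert() {
    km_k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    km_c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$km_k" ] && [ "$km_k" = "$km_c" ]
}

# make_demo_pfx <dir>: constructed sample input, a throwaway self-signed PFX.
make_demo_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
        -out "$1/demo.pfx" -passout env:PFX_PASS
}

# With two arguments, convert a real PFX:  PFX_PASS=... sh split_pfx.sh in.pfx outdir
if [ "$#" -eq 2 ]; then
    extract_pfx "$1" "$2" && key_matches_cert "$2/Server.key" "$2/Server.crt" &&
        echo "Server.key matches Server.crt"
fi
```

A mismatch between key and certificate is the usual reason Apache refuses to start after a migration, so running key_matches_cert before restarting the service catches it early.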

Assigning the domain SSL certificate to Apache

After you have converted the .pfx file, copy the newly created files to the Apache server and edit your Apache configuration file to use them. You have to enable SSL in the httpd configuration and update the virtual host for your domain under the /etc/httpd/conf.d/ folder.

I have also written a post about How to View a Certificate Fingerprint as SHA-256, SHA-1 or MD5 using OpenSSL.
