How to Import or Export your Apache Certificate to IIS
SSL Tutorial for Apache/OpenSSL Servers
Moving a certificate from one Apache server to another is as simple as copying your private key, server certificate, and intermediate certificate files to the new server and then modifying your Apache configuration file to use the certificates. However, it is also possible to move certificates from Apache to a Windows server, and vice versa, with a little manipulation of the certificate files using OpenSSL.
This tutorial explains how to back up your certificate from a working server and import the certificate to a second server.
Moving a Certificate from Apache to a Windows IIS Server.
-
Back up your certificate:
To import your certificate to Windows, you will first need to combine your primary certificate, Intermediate (CA) Certificate, and your private key file into a .pfx type backup file. To do this, use the following command:
openssl pkcs12 -export -out DigiCertBackup.pfx -inkey your_private_key_file.txt -in your_domain_name.crt -certfile DigiCertCA.crtThis creates a backup of your primary certificate called DigiCertBackup.pfx. Copy this file to your IIS Server.
- Once the .pfx file is copied to your Windows server, follow these instructions to import your PFX file on Windows.
Configuring Your Site - IIS 5/6
- In your IIS manager, right-click on the site that you would like to use the certificate and select properties.
- Click on the Directory Security Tab and hit the Server Certificate Button. This will start the server certificate wizard.
-
If given the option, Choose to 'Assign an existing certificate' to the site and choose the new certificate that you just imported.
If you do not have that option, you should be asked what you want to do with the current certificate on the site, choose the option to "replace" your current certificate. - Browse to the .pfx file that you created earlier.
- Finish the certificate wizard.
Occassionally a server or IIS restart is required before your server will recognize the new certificate.
Importing an IIS .pfx file certificate into Apache or other non-Windows-based servers.
Most servers use plaintext certificate files. The certificate files that you download from your digicert account are already in this format. However, the private key that was generated on your IIS server is not yet in this format. This same private key is required for your certificate to function properly on your non-Windows-based server. To export the private key from the Windows IIS server to your non-windows-based machine, you must extract the private key from a Windows .pfx backup certificate. To do this you will use the OpenSSL utility to extract the private key from the .pfx backup file:
- First backup the certificate you have working on your IIS server to a .pfx file using the instructions listed above.
-
Second, use the following OpenSSL command to create a new text file from which you can separate the Private Key:
openssl pkcs12 -in mypfxfile.pfx -out outputfile.txt -nodeswhere mypfxfile.pfx is the certificate backup from your IIS server.
-
The above command would have created a text file named outputfile.txt.
Open this file with a text editor and you will see the private key listed first:
-----BEGIN RSA PRIVATE KEY-----
(Block of Random Text)
-----END RSA PRIVATE KEY----- - Copy and paste all of the private key, including the BEGIN and END tags to a new text file and save it as your_domain_name.key
- Use the Digicert Certificate Installation Instructions to install the the .key file you just created and the other certificate files from your Digicert Account to your new server.
PFX Export/Import Tutorial
How to Import/Export your SSL Server Security Certificate Across Microsoft IIS Servers.
