How do I move the certificate and key from IIS5 to Apache?

How to move my SSL certificate and key from IIS 5.x and 6.x to Apache?


Export to PFX file.

1) Please start the Microsoft Management Console (MMC)
2) Add the Certificates Snap-in for the Computer account.
3) Under the Personal section of the MMC there should be a folder called "Certificates", open it.
4) Right-click on the SSL certificate you'd like to export.
5) Hover over "All Tasks", from here one should see the option to Export.
6) Go through the wizard, make sure it asks you to export the private key. If not, something is wrong. Possible your user doesn't have admin rights.
7) While going through the wizard, make sure to not include the CA's certificates, this will only complicate things.
8) Once you have dropped out of the wizard you should have a PFX file.

Import Private Key to an Apache readable format

1) Use the following openSSL command to obtain both the private key and SSL Certificate.
->openssl pkcs12 -in mypkcs12.pfx -out pfxoutput.txt
2) Open pfxoutput.txt in a text editor.
3) Select all text between

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,.........
.........
-----END RSA PRIVATE KEY-----

and place this into a file called: mykey.key (name doesn't really matter all that much)
3) Using the same TXT file in Step #2, grab everything else and put it into another file called: mycert.crt (again, doesn't really matter on the name)
4) Now, you have successfully split the PFX file to both the Certificate and its private key.
5) Proceed to install the certificate as one would do for Apache.


Note: If for some reason Apache won't let us use an encrypted private key, please run the following command.
-> openssl rsa -in myencrypted.key -out my.key

  • Email, SSL
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

What does the Warranty actually mean?

We believe it is important to protect the end user. If we were to issue a certificate in error to...

Why does the secure part of the website say the name on the security certificate is invalid or does not match the name of the site?

There are a few possible reasons for this:1) The certificate has a Common Name (CN) of...

The CSR cannot be decoded or is invalid

CSR is possibly missing one or more required fields.The CSR must contain a minimum of the...

I have accidentally deleted or lost my Private Key

First check your backups and see if you can re-install the "private key". If you don't know how...

I have changed my server, or moved to a different provider, how do I move the certificate?

If you are moving servers or providers, you will need to get the certificate and private key from...