Migrating SSL Cert from IIS to Apache

Author: Steven Neiland

Warning: This blog entry was written two or more years ago. Therefore, it may contain broken links, out-dated or misleading content, or information that is just plain wrong. Please read on with caution.

I recently migrated a website from a server running IIS 6.0 to one running Apache 2.2.x . While the migration of the sites was a snap, I also had to migrate the SSL certificate, and this was a little more involved. Here are the steps I used.

Note: The new server was also a Windows box so I installed the Apache binary with openssl. Your apache installation may need to be recompiled with ssl for it to function depending on your OS.

Step 1: Export .pfx file

When migrating a ssl cert from one server to another you will need both the public key files (your SSL certificate files, provided by your Issueing Authority)and the associated private keys (generated by your server at the time the CSR was generated) for the SSL certificate to function. For this reason a PFX backup is always needed to transfer an SSL server security certificate from one server to another.

Under windows do the following steps

  1. From the Start menu, select "Run...". Type "mmc" and hit Enter.
  2. Under the File menu choose Add/Remove Snap in.
  3. Click Add, then from the Add Standalone Snap-in panel choose Certificates, and click Add.
  4. Choose Computer Account and click Next, then choose Local Computer and click Finish.
  5. Close the Add Standalone Snap-In window by clicking Close.
  6. Close the Add/Remove Snap-in window by clicking Ok.
  7. Click the + to Expand the Certificates (Local Computer) Console Tree
  8. Look for the Personal directory/folder and select Certificates.
  9. Right Click on the Certificate you would like to backup and choose > ALL TASKS > Export
  10. Follow the Certificate Export Wizard to backup your certificate to a .pfx file
  11. Choose to 'Yes, export the private key'
  12. Choose to include all certificates in certificate path if possible. (do NOT select the delete Private Key option)
  13. Leave default settings > Enter Password (if required)
  14. Choose to save file on a set location eg "desktop/mysite.pfx"
  15. Finish, you will receive a message > Export Successful
  16. Copy the created pfx file to the apache server
1 2 3 4

Reader Comments

NS's Gravatar
Wednesday, November 7, 2012 at 3:40:12 AM Coordinated Universal Time

Thanks for this, had to put the IIS cert on the apache reverse proxy...followed your steps, perfect.
Thanks a lot.

Carlo Idini's Gravatar
Carlo Idini
Monday, February 3, 2014 at 11:53:26 AM Coordinated Universal Time

Thank you!
It has worked perfectly for me.
I was looking for a solution from hours,
very crear and useful!

  • Please keep comments on-topic.
  • Please do not post unrelated questions or large chunks of code.
  • Please do not engage in flaming/abusive behaviour.
  • Comments that contain advertisments or appear to be created for the purpose of link building, will not be published.

Archives Blog Listing