Pete Freitag Pete Freitag

Moving SSL Certs from IIS to Apache


I found some instructions (removed link - no longer works) for converting SSL certificates generated for IIS to private key, and cert files you can use on unix, or Apache for windows.

First Export your IIS certificate into a pfx file (this is something you should do anyways for backup)

  • Run mmc.exe
  • Click the 'Console' menu and then click 'Add/Remove Snap-in'.
  • Click the 'Add' button and then choose the 'certificates' snap-in and click on 'Add'.
  • Select 'Computer Account' then click 'Next'.
  • Select 'Local Computer' and then click 'OK'.
  • Click 'Close' and then click 'OK'.
  • Expand the menu for 'Certificates' and click on the 'Personal' folder.
  • Right click on the certificate that you want to export and select 'All tasks' -> 'Export'.
  • A wizard will appear. Make sure you check the box to include the private key and continue through with this wizard until you have a .PFX file.
Next run openssl to extract the private key, and the cert file.
# Export the private key file from the pfx file
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
# Export the certificate file from the pfx file
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
# This removes the passphrase from the private key so Apache won't
# prompt you for your passphase when it starts
openssl rsa -in key.pem -out server.key

Like this? Follow me ↯

Moving SSL Certs from IIS to Apache was first published on August 27, 2003.

If you like reading about ssl, certificates, iis, apache, or crypto then you might also like:


short and sweet. all seems so clear and refined when someone with real knowledge can give a to-the-point answer
by aditya on 03/29/2005 at 9:33:59 AM UTC
Good stuff, worked perfectly to migrate from IIS6 to Apache 2.2 on Winders. Thanks, Pete.
by Damien McKenna on 05/08/2007 at 1:19:01 PM UTC
Thanks... Helped more than you know...
by Les on 09/16/2010 at 10:24:11 PM UTC