Transfer SSL Certificates from Microsoft IIS to Linux Apache

Thanks to a few different guides online (mainly Pete Frietag’s) I got an SSL certificate transferred from IIS on Server 2003 to Apache on Ubuntu Server 10.04. There was an extra step I needed to do that seems obvious now.

First Export your IIS certificate into a pfx file (this is something you should do anyways for backup)

  • Run mmc.exe
  • Click the ‘Console’ menu and then click ‘Add/Remove Snap-in’.
  • Click the ‘Add’ button and then choose the ‘certificates’ snap-in and click on ‘Add’.
  • Select ‘Computer Account’ then click ‘Next’.
  • Select ‘Local Computer’ and then click ‘OK’.
  • Click ‘Close’ and then click ‘OK’.
  • Expand the menu for ‘Certificates’ and click on the ‘Personal’ folder.
  • Right click on the certificate that you want to export and select ‘All tasks’ -> ‘Export’.
  • A wizard will appear. Make sure you check the box to include the private key and continue through with this wizard until you have a .PFX file.

Next run openssl to extract the private key, and the cert file.

# Export the private key file from the pfx file

openssl pkcs12 -in filename.pfx -nocerts -out key.pem

# Export the certificate file from the pfx file

openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

# This removes the passphrase from the private key so Apache won't
# prompt you for your passphase when it starts

openssl rsa -in key.pem -out server.key

Now to make this work (the extra step) you need to go to your apache virtual host configuration file (or default if you dont have any virtual hosts) located at “/etc/apache2/sites-available/virtualhostname.conf” and make sure the following lines are present and correct:

SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /path/to/certificate/cert.pem
SSLCertificateKeyFile /patch/to/key/server.key

Then restart apache with the standard command

sudo /etc/init.d/apache2 restart

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>