I didn’t think you could do this, but it is possible to export SSL certificates creating under a Windows IIS environment for use in Apache. Here’s how to do it:
- On the Windows box, fire up Microsoft Management Console (mmc.exe) and add the Certificates snap-in. Choose Computer Account and then Local Computer.
- Find the certificate that you want to export and choose All Tasks > Export. Follow the Export wizard and make sure you export the private key too. You’ll be asked for a passphrase to use to encrypt the key.
- Take the PFX-format file that was created by the wizard and copy it to your UNIX machine.
- Use OpenSSL to convert the PFX file into a PKCS12 format:
$ openssl pkcs12 -in whatever.pfx -out pfxoutput.txt
- The PKCS12 output file is basically a concatenation of the private key and the certificate, so use vi to slice it up into two files, a .crt for the cert and a .key for the private key.
- If you want to remove the passphrase from the key (highly recommended in a production environment where Apache must start up unattended) then just run:
$ openssl rsa -in encrypted.key -out unencrypted.key
That’s it! You can now use the key and cert in your Apache config files.