in Internet Services, Windows

exporting IIS SSL certificates for use in Apache

I didn’t think you could do this, but it is possible to export SSL certificates creating under a Windows IIS environment for use in Apache. Here’s how to do it:

  1. On the Windows box, fire up Microsoft Management Console (mmc.exe) and add the Certificates snap-in. Choose Computer Account and then Local Computer.
  2. Find the certificate that you want to export and choose All Tasks > Export. Follow the Export wizard and make sure you export the private key too. You’ll be asked for a passphrase to use to encrypt the key.
  3. Take the PFX-format file that was created by the wizard and copy it to your UNIX machine.
  4. Use OpenSSL to convert the PFX file into a PKCS12 format:
    $ openssl pkcs12 -in whatever.pfx -out pfxoutput.txt
    
  5. The PKCS12 output file is basically a concatenation of the private key and the certificate, so use vi to slice it up into two files, a .crt for the cert and a .key for the private key.
  6. If you want to remove the passphrase from the key (highly recommended in a production environment where Apache must start up unattended) then just run:
    $ openssl rsa -in encrypted.key -out unencrypted.key
    

That’s it! You can now use the key and cert in your Apache config files.