Exporting a SSL certificate from an IIS Windows server.
First export your IIS certificate into a pfx file (this is something you should do anyways for backup) :
Run mmc.exe
Click the 'Console' menu and then click 'Add/Remove Snap-in'.
Click the 'Add' button and then choose the 'certificates' snap-in and click on 'Add'.
Select 'Computer Account' then click 'Next'.
Select 'Local Computer' and then click 'OK'.
Click 'Close' and then click 'OK'.
Expand the menu for 'Certificates' and click on the 'Personal' folder.
Right click on the certificate that you want to export and select 'All tasks' → 'Export'.
A wizard will appear. Make sure you check the box to include the private key and continue through with this wizard until you have a .PFX file.
Convert SSL certificates generated for IIS to private key and certificates files you can use on Apache for windows or Linux.
Run openssl to extract the private key, and the cert file.
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
openssl rsa -in key.pem -out server.key
Convert SSL certificates from .crt to .pem or .pfx (Windows / Linux compatibility)
openssl x509 -inform der -in certificate.cer -out certificate.pem
openssl x509 -outform der -in certificate.pem -out certificate.der
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
Importing your certificate on IIS
Importing your Certificate/Private Key (from .pfx file format)
From the Start menu, select “Run…”. Type “mmc” and hit Enter.
Under the File menu choose Add/Remove Snap in.
Click Add, then from the Add Standalone Snap-in panel choose Certificates, and click Add.
Choose Computer Account and click Next, then choose Local Computer and click Finish.
Close the Add Standalone Snap-In window by clicking Close.
Close the Add/Remove Snap-in window by clicking Ok.
Click the + to Expand the Certificates (Local Computer) Console Tree
Right click on the Personal Certificates Store (folder)
Choose > ALL TASKS > Import
Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
Close the MMC console. In the case that you are prompted, it is not necessary to save the changes made to the MMC console.
Configuring your certificate on IIS
In your
IIS manager, right-click on the site that you would like to use the certificate and select properties.
Click on the Directory Security Tab and hit the Server Certificate Button. This will start the server certificate wizard.
If given the option, Choose to 'Assign an existing certificate' to the site and choose the new certificate that you just imported.
If you do not have that option, you should be asked what you want to do with the current certificate on the site, choose the option to “replace” your current certificate.
Occassionally a server or IIS restart is required before your server will recognize the new certificate.