Table of Contents

Exporting a SSL certificate from an IIS Windows server.

First export your IIS certificate into a pfx file (this is something you should do anyways for backup) :

Convert SSL certificates generated for IIS to private key and certificates files you can use on Apache for windows or Linux.

Run openssl to extract the private key, and the cert file.

openssl pkcs12 -in filename.pfx -nocerts -out key.pem

openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

openssl rsa -in key.pem -out server.key

Convert SSL certificates from .crt to .pem or .pfx (Windows / Linux compatibility)

openssl x509 -inform der -in certificate.cer -out certificate.pem

openssl x509 -outform der -in certificate.pem -out certificate.der

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Importing your certificate on IIS

Importing your Certificate/Private Key (from .pfx file format)

Configuring your certificate on IIS

If you do not have that option, you should be asked what you want to do with the current certificate on the site, choose the option to “replace” your current certificate.

Occassionally a server or IIS restart is required before your server will recognize the new certificate.