Export private key and certificate from IIS .pfx file

( 2 Votes ) 


If you need to move or copy a certificate from Windows IIS6 to Linux Apache server (or other device requiring .key and .crt formats) perform following steps:

1. Export IIS6 certificate into into .pfx format
On Windows Server machine
Start > Run MMC
File > Add/Remove Snap-in
Add > Certificates > Add > Computer Account > Local Computer
Navigate to Certificates > Personal > Certificates
Right click your certificate > All Tasks > Export
Yes, export private key
Personal Information Exchange (.pfx) - clear all checkboxes
leave password blank
Choose where to save file
Finish

2 . Extract private key and certificate file
You need OpenSSL to extract private key and certificate from .pfx
If you have Linux web server in place you should already have openssl there.
Alternatively you can download and install Windows version. For more info and latest versions check here
If you installed Windows version run openssl.exe from C:\OpenSSL-Win32\bin
In Linux version just type openssl in terminal

in OpenSSL
Export private key and certificate:
pkcs12 -in "C:\your\path\filename.pfx" -out "C:\your\path\cert.pem"
Enter Import Password: leave blank
Enter PEM pass phrase: 1234 (or anything else)

Created cert.pem file will have encrypted private key and all certificates (identity, root, intermediate) in a plain text.
To extract certificates or encrypted private key just open cert.pem in a text editor and copy required parts to a new .crt or .key file. If formatting doesn't look right in Windows notepad use Notepad++ or similar text editor.

If you need private key in not encrypted format you can extract it from cert.pem removing encryption:
rsa -in "C:\your\path\cert.pem" -out "C:\your\path\PrivateKey.key"
Enter pass phrase (1234 or somethinkg else you set previously) to remove encryption.


Windows Server 2003
IIS6
OpenSSL




Add comment


Security code
Refresh

Newsletter

Subscribe to receive occasional updates on new posts.

Your email will not be used for any other purpose and you can unsubscribe at any time.

Privacy Policy                     Login