Migrating TLS certificate from Microsoft server to Apache

Most certificates in our offer have an unlimited server license and can be deployed to multiple servers. The certificate binds to the private key on the server, so you will need to transfer both the private key and the certificate to the other server. If you combine web servers and need a certificate on both Microsoft and Apachi, we recommend that you follow these steps.

Exporting a certificate using MMC

This operation is simple as it is possible to use a PKCS # 12 file with a PFX extension for migration.

Open the MMC console (Start and search for MMC, or Run and MMC) and add the Snap-In with certificates in the console. Next, select My Computer and confirm.

You should see this console where the certificates are listed in the left part of the folders (available in the system store) and the contents of these folders can be seen on the right. Find the certificate you need to move and export it. It will probably be in your Personal folder.

Export a certificate from the certificate store
Export a certificate from the certificate store

The export wizard will ask you for several options (be sure to choose to export the private key; deleting it will disable the certificate on the server after the export) and create a PFX file. This file contains the certificate, private key and possibly CA certificates. On a new server, you can easily import it (again to your computer's storage) via MMC or simply by opening the file.

Converting PFX using OpenSSL

We now need to change the new PFX file containing the certificate and private key to the format that Apache uses. With OpenSSL, we get a private key and certificate from PFX.

Copy PFX to a computer or server where OpenSSL is available. Use this command to get the contents of the PFX file into a text file: openssl pkcs12-in mydomain.pfx -out mydomain.txt -nodes You will be prompted for a PFX import password for protecting the contents of the file. Open the obtained text file and save separately the private key, which you can recognize by its beginning: -----BEGIN RSA PRIVATE KEY----- and the certificate that has beginning -----BEGIN CERTIFICATE----- We recommend using mydomain.key (private key), mydomain.crt (certificate), intermediateCA.crt (both Intermediate certificates). Intermediate certificates are likely to be included in the PFX file, which you can save in the same way, but this is not necessary. You can find them in the email with certificate you received or in the SSLmarket administration.

Feel free to contact our Customer Support to help you choose a certificate and ask any questions.

Has this article been useful?