I will try to keep this short and to the point.

If you work in a Windows/Linux mixed environment, you may come across a scenario where you need to move SSL certificates and private keys from a Windows server using IIS to Linux running Apache or similar.

Windows and Linux tend to use two different key formats and this can make things tricky. Today I want to briefly write down/share the commands you can run using the OpenSSL framework to convert a Windows PFX formatted exported certificate into something Apache can use.

1. Export your certificate from the Windows Certificate store and save it as a PFX. Be sure to tick the option to export the private key if you need it. Password protect the file (you will be prompted to do this)

2. Doing the above should result in a PFX file (for our example, lets say, cert.pfx). Use SFTP or some other method to copy that PFX file to a folder on your linux machine.

3. From the linux command-line, navigate to that folder and run the following command:

openssl pkcs12 -in cert.pfx -out cert.txt -nodes

If you password protected the PFX file you will be prompted to enter that password. After the command finishes running, you should have a cert.txt file in your folder.

4. You can then open up that cert.txt file and copy/paste each section into a separate file. The sections each look something like this:

sjfklasjfiop12390u8sf2i0j0f9j0123 etc....

There should be a section for the private key, the ssl certificate, and possibly an intermediate chain certificate. Create a new text document for each and copy each section in starting with the “—BEGIN …” line and ending with the “—END…” line.

You should end up with 2 or 3 files when you are done, in effect:


You can name them however you want and the file extension usually doesn’t matter. You can now use these files with Apache and many other Linux software packages!



1 of 1

This post has no comments. Be the first to leave one!

Leave a Reply