Exporting SSL certificates from Windows to Linux
Last Updated: 1/14/2015
Step one: PFX Export on Windows Server
You'll need to get the certificate and key out of Windows into a pfx (PKCS #12) format.
- Click Start, Run, then type "mmc" and hit enter.
- In the left menu, choose "Add/Remove Snap In".
- Click "Add", then click "Certificates", then click OK.
- When the wizard starts, select "Computer Account", "Local Computer" and finish the wizard. (Be sure to remember the password you set as we'll use it later)
- Once the wizard has completed, go back to the MMC and expand the "Certificates" node, then the "Personal" node.
- Click on the "Certificates" node under "Personal" and find your certificate in the right panel.
- Right-click on the certificate and choose "All Tasks", then "Export".
- When the wizard starts, select "Yes" for exporting the private key, then select ONLY "Strong Private Key Protection" from the PFX section. You will also need to set the password and specify a location to save the PFX file.
- After the PFX file has been saved, close out of the MMC.
- Upload the PFX file to a linux server with openssl.
Step 2: Breaking up the PFX file into .key and .crt
- You'll want to decrypt the PFX file into a plantext PEM file. (NOTE: PFX files are binary files and can't be viewed in a text editor) Type:
openssl pkcs12 -n file.pfx -out file.pem - You'll be asked for the password for the PFX (which is the one you set in the Windows Wizard). Once you enter the password, you will be asked for a new password. You'll want to remember this password for later.
- Open up the PEM file in a text editor and copy the private key and certificate key to different files (i.e. file.key and file.crt)
- openssl rsa -n file.key -out file.key
- openssl rsa -n file.crt -out file.crt
- That's it. You now have the .key and .crt file to use on a Linux / Unix server.