(2 votes, average: 5.00 out of 5)
Because of reasons like – change in hosting provider, load balancing, scaling, etc., you may be required to move or copy SSL certificates from one server to another. However, doing so can be troublesome – if you are unaware of the steps involved in the migration process.
If you are facing issues while migrating the cert or don’t know how to do that – don’t worry. In this article, we will explain – the standard process to migrate your SSL certificate from one server to another.
To help you better understand, we will also explore a step-by-step procedure that needs to be followed to move or copy SSL certificates from a Windows Server to another Windows Server.
So, why wait – Let’s start!
From a high-level perspective, irrespective of the servers involved, you can migrate your SSL cert using a simple process comprising of these three steps:
Follow the steps mentioned below to accomplish the same:
Export the Certificate From the Current Windows Server
Convert the SSL Certificate
There is no need to convert the certificate’s format as you are exporting the cert from a Windows server and installing it on another Windows server; hence, changing its format is unnecessary.
Import the Certificate on the New Windows Server
With this steps, you have successfully moved or copied an SSL certificate from a Windows Server to another Windows Server. All that’s left is to bind the imported cert to a specific website.
Follow the steps mentioned below to move or copy an SSL cert from a Windows server to an Apache server:
Utilize the OpenSSL cmd mentioned below to create a text file containing the contents of the .pfx file:
openssl pkcs12 -in mysslcert.pfx -out mysslcert.txt -nodes
Open a text editor (Notepad), and copy the Primary and Intermediate SSL Certificate and Private key to its own text file, including the “—–BEGIN PRIVATE KEY—– and –—-END PRIVATE KEY—–” tags. Save them with names like – mysslcert.key, mysslcert.crt, etc.
Before configuring the Apache server, transfer the certificate and key files to the server. To do this, use the SFTP or SCP client to upload the files to the server’s secure location (/etc/ssl directory). Also, ensure the certificate and key files have valid permissions on the Apache server, or it will not be able to read the files.
Follow the steps mentioned below to configure Apache Server:
Note: Replace the actual file paths for the certificate and key files on the Apache server.
With this – you have successfully moved or copied an SSL certificate from a Windows Server to an Apache Server.
Follow the steps mentioned below to move or copy an SSL cert from an Apache server to a Windows server:
To export the SSL certificate and private key from the Apache server, use the below-mentioned command:
sudo openssl pkcs12 -Export -out certificate.pfx -inkey private.key -in certificate.crt
Note: This will export the SSL certificate and convert it to .PFX. Copy the .pfx file to the Windows server using a secure method such as SFTP or SCP. Use the Microsoft Management Console and the Certificates snap-in on a Windows server to install the .pfx file.
With this – you have successfully moved or copied an SSL certificate from an Apache Server to a Windows Server.
Follow the steps mentioned below to move or copy an SSL cert from a Tomcat/Java Server to OpenSSL:
To export SSL certificate files, use the below-mentioned command:
keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -destkeystore certificate.p12 -deststoretype PKCS12
Note: This will export the SSL certificate and convert it to .p12 file. Copy the .p12 file to the OpenSSL server. You can use a secure method such as SFTP or SCP to transfer the file from the Tomcat server to the OpenSSL server.
To convert .p12 to .txt, use the below-mentioned command:
openssl pkcs12 -in certificate.p12 -out certificate.txt -nodes
With this – you have successfully moved or copied an SSL certificate from a Tomcat/Java Server to OpenSSL.
In today’s era, where multiple organizations use Multi-domain or Wildcard SSL certs to secure multiple domains or sub-domains using a single certificate – you may find the migration of SSL certificates as an everyday activity. The process is straightforward and involves three steps- Export, Convert (if needed), and Import.