How to Move or Copy SSL Certificates from One Server to Another?

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...
Move or Copy an SSL Certificate from One Server to Another

Because of reasons like – change in hosting provider, load balancing, scaling, etc.,  you may be required to move or copy SSL certificates from one server to another. However, doing so can be troublesome – if you are unaware of the steps involved in the migration process.

If you are facing issues while migrating the cert or don’t know how to do that – don’t worry. In this article, we will explain – the standard process to migrate your SSL certificate from one server to another.

To help you better understand, we will also explore a step-by-step procedure that needs to be followed to move or copy SSL certificates from a Windows Server to another Windows Server.

So, why wait – Let’s start!

Standard Process to Migrate your SSL Certificate from One Server to Another

From a high-level perspective, irrespective of the servers involved, you can migrate your SSL cert using a simple process comprising of these three steps:

  1. Export SSL and chain certificates, along with private keys from its current server
  2. Convert the SSL certificate format to meet the server’s requirement on which you will install that cert, if required.
  3. Import the SSL Certificate on your new server.

How to Move or Copy an SSL Certificate From a Windows Server to Another Windows Server

Follow the steps mentioned below to accomplish the same:

Export the Certificate From the Current Windows Server

  • Click on Search, placed on the taskbar.
  • Type IIS and press Enter.
  • The Internet Information Services (IIS) Manager window will appear.
  • Select the server on which the SSL cert is installed.
  • Click Server Certificates.
  • Right-click on the SSL certificate that you want to export.
  • From the list, select Export.
  • In the Export Certificate box, perform the following actions:
    • In the Export to box, enter the location where your certificate will be exported.
    • In the Password box, type the password.
    • In the Confirm Password box, type the same password again.
    • Click OK.

Convert the SSL Certificate

There is no need to convert the certificate’s format as you are exporting the cert from a Windows server and installing it on another Windows server; hence, changing its format is unnecessary.

Import the Certificate on the New Windows Server

  • Click on Search, placed on the taskbar.
  • Type IIS and press Enter.
  • The Internet Information Services (IIS) Manager window will appear.
  • Under the Actions tab, click Import.
  • The Import Certificate dialog box will open.
  • In the Import Certificate box, perform the following actions:
    • In the Certificate file (.pfx) box, enter the location where the exported SSL cert is stored.
    • In the Password box, type the password you entered while exporting the certificate.
    • Click OK.

With this steps, you have successfully moved or copied an SSL certificate from a Windows Server to another Windows Server. All that’s left is to bind the imported cert to a specific website.

How to Move or Copy an SSL Certificate From a Windows Server to an Apache Server?

Follow the steps mentioned below to move or copy an SSL cert from a Windows server to an Apache server:

Export the SSL Certificate and Private Key

  1. On your keyboard, simultaneously press the Windows + R buttons.
  2. Type in MMC and click OK.
  3. From the File list, click Add/Remove Snap-in.
  4. Click on Computer Account and then click Next.
  5. Leave Local Computer selected.
  6. Click Finish.
  7. In the left pane, click plus (+) placed adjacent to Certificates.
  8. Click the plus icon adjacent to the Personal folder.
  9.  Click on the Certificates folder.
  10. Right-click on the SSL cert you want to export.
  11. Select All Tasks, and from the list, click Export.
  12. In the Certificate Export Wizard, click Next.
  13. Click Yes, export the private key.
  14. Click Next.
  15. Click the checkbox adjacent to Include all certificates in the certification path if possible.
  16. Click Next.
  17. Type and confirm the password. (The password will be required to import the cert onto a different server.)
  18. Click Browse and save the .pfx file to the desired location.
  19. Type in a name such as mysslcert.pfx.
  20. Click Next.
  21. Click Finish.

Convert the SSL Certificate

Utilize the OpenSSL cmd mentioned below to create a text file containing the contents of the .pfx file:

openssl pkcs12 -in mysslcert.pfx -out mysslcert.txt -nodes

Open a text editor (Notepad), and copy the Primary and Intermediate SSL Certificate and Private key to its own text file, including the “—–BEGIN PRIVATE KEY—– and –—-END PRIVATE KEY—–” tags. Save them with names like – mysslcert.key, mysslcert.crt, etc.

Configure the Apache Server

Before configuring the Apache server, transfer the certificate and key files to the server. To do this, use the SFTP or SCP client to upload the files to the server’s secure location (/etc/ssl directory). Also, ensure the certificate and key files have valid permissions on the Apache server, or it will not be able to read the files.

Follow the steps mentioned below to configure Apache Server:

  • Add these directives in the Apache Configuration file:
    • SSLCertificateFile /path/to/certificate.crt
    • SSLCertificateKeyFile /path/to/private.key
  • Restart the server. (You can utilize – the “systemctl restart apache2” command to do so.)

Note: Replace the actual file paths for the certificate and key files on the Apache server.

With this – you have successfully moved or copied an SSL certificate from a Windows Server to an Apache Server.

How to Move or Copy an SSL Certificate From an Apache Server to a Windows Server?

Follow the steps mentioned below to move or copy an SSL cert from an Apache server to a Windows server:

Export the SSL certificate and Private Key

To export the SSL certificate and private key from the Apache server, use the below-mentioned command:

sudo openssl pkcs12 -Export -out certificate.pfx -inkey private.key -in certificate.crt

Note: This will export the SSL certificate and convert it to .PFX. Copy the .pfx file to the Windows server using a secure method such as SFTP or SCP. Use the Microsoft Management Console and the Certificates snap-in on a Windows server to install the .pfx file.

Configure the Server

  1. Click Search, type IIS Manager, and press Enter.
  2. The IIS Manager window will appear.
  3. Click on the website that you want to secure with SSL.
  4. In the right pane, under the Actions section, click Bindings.
  5. Click Add.
  6. The Add Site Binding window will appear.
  7. From the Type list, select https.
  8. Select the SSL certificate that you imported in the previous step in the SSL certificate dropdown.
  9. Click OK.

With this – you have successfully moved or copied an SSL certificate from an Apache Server to a Windows Server.

How to Move or Copy an SSL Certificate From Tomcat/Java Server to OpenSSL?

Follow the steps mentioned below to move or copy an SSL cert from a Tomcat/Java Server to OpenSSL:

Export the SSL Certificate and Private Key

To export SSL certificate files, use the below-mentioned command:

keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -destkeystore certificate.p12 -deststoretype PKCS12

Note: This will export the SSL certificate and convert it to .p12 file. Copy the .p12 file to the OpenSSL server. You can use a secure method such as SFTP or SCP to transfer the file from the Tomcat server to the OpenSSL server.

Convert the .p12 file to Separate Certificate and Key Files

To convert .p12 to .txt, use the below-mentioned command:

openssl pkcs12 -in certificate.p12 -out certificate.txt -nodes

Install the SSL Certificate

  • Open .txt file using a text editor (For ex – Notepad).
  • Copy the data to separate certificate and key files.
  • Place the certificate and key files in the appropriate locations.
  • Edit the OpenSSL configuration file to specify their locations.
  • Enable SSL for the site that you want to secure.

With this – you have successfully moved or copied an SSL certificate from a Tomcat/Java Server to OpenSSL.

Conclusion

In today’s era, where multiple organizations use Multi-domain or Wildcard SSL certs to secure multiple domains or sub-domains using a single certificate – you may find the migration of SSL certificates as an everyday activity. The process is straightforward and involves three steps- Export, Convert (if needed), and Import.

Related posts:

  1. How To Install SSL Certificate on Apache Web Server
  2. How to Install SSL Certificate on Remote Desktop Services
  3. How to Install SSL Certificate on Oracle Servers?
  4. How to Install SSL Certificate on IBM Cloud?
<?xml version="1.0" encoding="UTF-8"?><svg id="Layer_1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 109.7 29.02"><defs><style>.cls-1{fill:#fff;}</style></defs><path class="cls-1" d="m5.38,22.85c-3.1-.26-5.3-1.92-5.38-4.8h3.6c.1,1.1.67,1.85,1.78,2.09v-4.58c-2.47-.62-5.38-1.32-5.38-4.87,0-2.83,2.26-4.68,5.38-4.92v-1.94h1.54v1.94c3,.24,5.02,1.85,5.23,4.7h-3.62c-.1-.94-.67-1.66-1.61-1.94v4.54c2.5.65,5.42,1.3,5.42,4.85,0,2.45-1.92,4.73-5.42,4.97v1.94h-1.54v-1.97Zm0-10.25v-4.15c-1.1.17-1.87.84-1.87,2.06,0,1.13.77,1.7,1.87,2.09Zm1.54,3.38v4.2c1.22-.22,1.94-1.06,1.94-2.14s-.82-1.68-1.94-2.06Z"/><path class="cls-1" d="m17.62,8.33h-2.33v-3.1h5.78v17.5h-3.46v-14.4Z"/><path class="cls-1" d="m28.27,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.91-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m41.28,22.9c-1.22,0-2.09-.86-2.09-1.97s.86-1.97,2.09-1.97,2.04.86,2.04,1.97-.86,1.97-2.04,1.97Z"/><path class="cls-1" d="m49.54,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.91-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m64.56,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.9-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m81.79,0h3.29l-6.48,27.07h-3.29L81.79,0Z"/><path class="cls-1" d="m96.89,9.43h3.58l-8.23,19.59h-3.58l2.88-6.62-5.33-12.96h3.77l3.43,9.29,3.48-9.29Z"/><path class="cls-1" d="m105.62,22.73h-3.36v-13.3h3.36v2.06c.84-1.37,2.23-2.26,4.08-2.26v3.53h-.89c-1.99,0-3.19.77-3.19,3.34v6.62Z"/></svg>