How to backup and export a certificate from Apache.

Problem

How to backup and export a certificate from Apache.

Resolution

In some instances, you may want to move a certificate from one server to another.  You may also want to back up the certificate that you have installed.  Depending on where you are moving your certificate to, the type of file you want will vary.

Note: This guide contains a high level approach to backing up and exporting a certificate.  For a more in-depth view on installing a certificate onto Apache or IIS, please search the QuoVadis Knowledge Base for the appropriate articles.

Backing Up The SSL Certificate

Apache stores both the SSL certificate and its private key as two separate files.  The location of these files are referenced in your configuration.  Open your configuration file and look for the following:

SSLCertificateFile /<path to><your_SSL_Certificate>.crt
SSLCertificateKeyFile /<path to><*.key file you created with the CSR>.key


Navigate to both paths and copy both the *.crt and *.key file in a secure location.

Migrating an Apache Certificate to Microsoft IIS.

The easiest way to install a certificate onto IIS where the private key and matching public key has already been created is to create a *.pfx file.  A .pfx (may also be called a .p12 file) is a file that contains both your public and private keys merged together.

As Apache contains both of your keys as two separate files, you must merge them together to make a *.pfx (or *.p12) file.  The easiest way to do this is to obtain both files and use a command in OpenSSL to do this.  The following command is:

openssl pkcs12 -export -out mycertificate.pfx -inkey privateKey.key -in certificate.crt

Note: All fields that are underlined in the above command are variables and can change depending on the name of your files.  The 'mycertificate' can be changed to any name you desire.

Once you have created your PFX file, copy it across to your Windows Server and you can install it.

Migrating an SSL certificate from Apache to Another Apache Installation

Follow the Backing Up The SSL Certificate section of this document.

Once you have obtained both the *.crt and *.key files from your current Apache installation, copy them across to your new Apache server.

After you have completed this, you must configure SSL within Apache to use these two files.

Note: Please ensure that you also configure the certificate chain files within your new Apache configuration:

SSLCertificateChainFile /<path to> qvsslica.crt
SSLCACertificateFile /<path to> qvrca2.crt

Add Feedback