This should work to export from Linux/Apache to IIS as well, but I haven’t tested it. Certainly, the paths will be different.
Essentially, you just need to run the following at the command line on the F5:
Openssl pkcs12 -export -out file.p12 -inkey /config/ssl/ssl.key/<domainname>.key -in /config/ssl/ssl.crt/<domainname>.crt
where <domainname> is the name of the certificate you want to export, e.g. www.website.com.
This will create a file on the F5 called file.p12. You then need to move the file to your IIS web server. I did this by installing FTP on my Windows XP workstation and then FTP’ing the file to my desktop. Once on my desktop, I used Remote Desktop to connect to my web server and then copied the file from my PC to the remote server via Remote Desktop.
From there, you open the Certificates MMC plugin targeted on the Computer certificate store. Right click on the Personal folder within the plugin and import the certificate.
1 comment
A quick update on this post. The newer F5s store the certs and keys in different locations. Here is a command that should help identify the new locations (you’ll want to remove the line breaks):
openssl pkcs12 -export -out .p12
-in /config/filestore/files_d/Common_d/certificate_d/:Common:.crt_12345_1
-inkey /config/filestore/files_d/Common_d/certificate_key_d/:Common:.key_12345_1