httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joost de Heer" <sang...@xs4all.nl>
Subject [users@httpd] Re: Migrating from IIS to Apache - how to keep the SSL certificate?
Date Tue, 22 Nov 2005 08:59:08 GMT
vk01@exemail.com.au wrote:
> Hi,
>
> We are considering a migration from IIS to apache2 on a win2k server. I
> got mod_ssl up and running with a self-signed sertificate but I hit the
> wall when I tried to reuse our existing certificate signed from a CA.

First export the IIS certificate:

- Go to the IIS manager, go to the website with the certificate and cloose
'properties'
- Go to the tab 'Directory security'
- Click on 'View certificate' in the 'secure communications' section
- Click in the new screen on the tab 'details'
- Click on 'Export to file...'
- Select 'Yes, export the private key'
- Select only the option 'enable strong protection', and enter a password
- Give a filename
- Click on 'finish'.

Now you have a p12 certificate. Copy this certificate to your Apache machine

To get the key:
openssl pkcs12 -nocerts -in [.pfx] -out certificate.key

This asks for three passwords: first one is the export password used in
the previous step, and the second/third are the private key passwords. You
can later remove the private key password with

mv certificate.key certificate.key.encrypted
openssl rsa -in certificate.key.encrypted -out certificate.key

And to generate the cer:
openssl pkcs12 -nokeys -in [.pfx] -out certificate.cer

This is probably not the fastest way, but this is the documentation I made
for my colleagues.

Joost


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message