Anchor - Moving SSL Certificates from IIS to Apache
Posted by Rick Klemetson, Last modified by Anne Doring on Apr 07, 2016 11:13 AM

Overview

When setting up an Anchor Private Cloud environment, you need to configure an SSL certificate for your Apache server. If you already have an existing IIS .pfx file, you must first convert it to a .key file using the OpenSSL application, according to the instructions outlined below. After completing these steps, you can then continue the SSL certificate configuration process for your Apache server by referencing the How Do I Set Up a Single Domain SSL Certificate or a Wildcard Certificate Knowledgebase article.

Exporting an IIS Certificate

Before you begin, you must export your IIS certificate into a .pfx file.

  1. Run mmc.exe.
  2. In the Console menu select Add/Remove Snap-in.
  3. Click the Add button, select the certificates snap-in, and and then select Add.
  4. Select Computer Account then click Next.
  5. Select Local Computer and then click OK.
  6. Click Close and then click OK.
  7. Expand the menu for Certificates and click the Personal folder.
  8. Right click on the certificate that you want to export and select All tasks > Export.
  9. A wizard will launch. Make sure you check the box to include the private key and continue through with this wizard until you have a .pfx file.

Use OpenSSL to Extract the Private Key and Certificate File

Next, run OpenSSL to extract the private key and the certificate file.

  1. Open up a command prompt window.
  2. Within the command line, navigate to the Apache24\bin directory:
    C:\>cd C:\Apache24\bin\
  3. Launch the openssl application:
    C:\Apache24\bin\>openssl
  4. Export the private key file from the pfx file:
    OpenSSL> pkcs12 -in filename.pfx -nocerts -out key.pem
  5. Export the certificate file from the pfx file:
    OpenSSL> pkcs12 -in filename.pfx -clcerts -nokeys -out yourdomainname.crt
  6. Remove the passphrase from the private key, so Apache won't prompt you for your passphase when it starts:
    OpenSSL> rsa -in key.pem -out yourdomainname.key
  7. Open yourdomainname.crt in notepad and remove all contents prior to -----BEGIN CERTIFICATE----- and then save the file.

    You can now configure Apache with these files. For more information, please reference the How Do I Set Up a Single Domain SSL Certificate or a Wildcard Certificate Knowledgebase article.

 

(0 vote(s))
Helpful
Not helpful

Comments (0)