Convert SSL Certificate from IIS formatted (PKCS#12/.pfx)
This document assumes your IIS server is already configured with an SSL certificate from either a public certificate authority (such as Digicert or Thawte) or a private organazitional certificate authority within your organization. So, first get your IIS server configured with your SSL certificate, the following steps hopefully will assist you to get the Apache formatted certificate and key files that you can then use with the appxConnector and appxMongConnector.
This process will make use of an opensource tool called openssl. It is included in
MacOS, available for free installation (via DNF or YUM) in Linux, and freely downloadable for Windows from
here. The openssl syntax shown below should be the same no matter the platform you are on.
Export your IIS certificate into a .PFX file
- Run mmc.exe tool
- Click ‘Console’ menu then click ‘Add/Remove Snap-in’.
- Click ‘Add’ button then choose ‘certificates’ snap-in and click on ‘Add’.
- Now select ‘Computer Account’ then click ‘Next’.
- Select ‘Local Computer’ then click ‘OK’.
- Now click ‘Close’ then click ‘OK’.
- Now expand menu for ‘Certificates’ and click on the ‘Personal’ folder.
- Right click on the certificate that you want to export and select ‘All tasks’ -> ‘Export’.
- A wizard will appear. Make sure you check the box to include the private key and continue through with this wizard until you have a .PFX file. I seem to recall that you'll need to passprase protect the .PFX file.
Extract the server's private key from the .PFX
Here we will export the private key file from the .PFX file.
$ openssl pkcs12 -in filename.pfx -nocerts -out keyfile.pem
Extract the certificate file from the .PFX
Now let's export the certificate file from the .PFX file.
$ openssl pkcs12 -in filename.pfx -clcerts -nokeys -out certificate.crt
Remove the passphrase by copying key to new file without passphrase
Here we are removing the passphrase from the private key. You'll not want the key file passphrase protected for this.
$ openssl rsa -in keyfile.pem -out server.key
--
Joe Ortagus - 2020-11-18
Comments