
Convert SSL Certificate from IIS formatted (PKCS#12/.pfx)

This document assumes your IIS server is already configured with an SSL certificate from either a public certificate authority (such as DigiCert or Thawte) or a private certificate authority within your organization. Once the certificate is installed in IIS, the following steps should help you produce the Apache-formatted certificate and key files that you can then use with the appxConnector and appxMongConnector.

This process uses an open-source tool called openssl. It is included in macOS, available for free installation (via DNF or YUM) on Linux, and freely downloadable for Windows from here. The openssl syntax shown below should be the same on every platform.

Export your IIS certificate into a .PFX file

  • Run mmc.exe tool
  • Click ‘Console’ menu then click ‘Add/Remove Snap-in’.
  • Click ‘Add’ button then choose ‘certificates’ snap-in and click on ‘Add’.
  • Now select ‘Computer Account’ then click ‘Next’.
  • Select ‘Local Computer’ then click ‘OK’.
  • Now click ‘Close’ then click ‘OK’.
  • Now expand menu for ‘Certificates’ and click on the ‘Personal’ folder.
  • Right-click the certificate that you want to export and select ‘All Tasks’ -> ‘Export’.
  • A wizard will appear. Make sure you check the box to include the private key and continue through the wizard until you have a .PFX file. I seem to recall that you'll need to passphrase protect the .PFX file.

Extract the server's private key from the .PFX

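Here we will export the private key from the .PFX file. openssl prompts for the passphrase of the .PFX file and then for a new passphrase to protect keyfile.pem.

  $ openssl pkcs12 -in filename.pfx -nocerts -out keyfile.pem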

Extract the certificate file from the .PFX

Now let's export the certificate file from the .PFX file.

  $ openssl pkcs12 -in filename.pfx -clcerts -nokeys -out certificate.crt

Remove the passphrase by copying key to new file without passphrase

Here we are removing the passphrase from the private key. You'll not want the key file passphrase protected for this.

  $ openssl rsa -in keyfile.pem -out server.key
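The three openssl steps above as one non-interactive script, followed by a check that the extracted key really belongs to the extracted certificate. This is an added example, not part of the original page; the function names, the PFX_PASS environment variable and the output directory layout are assumptions, and make_sample_pfx only builds a constructed self-signed test input.

```shell
#!/bin/sh
# Added example (not from the original page). Assumption: the .PFX passphrase
# is supplied in the exported variable PFX_PASS, a name chosen for this
# example, so it never appears on a command line or in shell history.

# pfx_to_pem PFX OUTDIR
# Runs the page's three steps: encrypted key, certificate, unencrypted key.
# The body is a subshell so the umask change does not leak to the caller.
pfx_to_pem() (
    pfx=$1; out=$2
    umask 077    # files created below are readable by the owner only
    mkdir -p "$out" &&
    openssl pkcs12 -in "$pfx" -nocerts -passin env:PFX_PASS \
        -passout env:PFX_PASS -out "$out/keyfile.pem" &&
    openssl pkcs12 -in "$pfx" -clcerts -nokeys -passin env:PFX_PASS \
        -out "$out/certificate.crt" &&
    openssl rsa -in "$out/keyfile.pem" -passin env:PFX_PASS \
        -out "$out/server.key" 2>/dev/null &&
    chmod 644 "$out/certificate.crt"    # the certificate is public data
)

# key_matches_cert CERT KEY
# Succeeds only when the public key inside CERT equals the public half of KEY.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_sample_pfx DIR
# Constructed input: a throwaway self-signed certificate packed into
# DIR/filename.pfx, standing in for the file exported from IIS.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=iis.example.test" \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
        -passout env:PFX_PASS -out "$1/filename.pfx"
}

# Usage: PFX_PASS=... ./convert.sh filename.pfx outdir
if [ $# -eq 2 ]; then
    pfx_to_pem "$1" "$2" &&
    key_matches_cert "$2/certificate.crt" "$2/server.key" &&
    echo "server.key matches certificate.crt"
fi
```

Because server.key is stored without a passphrase, keep it readable only by the account that runs the connector.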

-- Joe Ortagus - 2020-11-18


Topic revision: r1 - 2020-11-18 - JoeOrtagus
 