How to move ssl certificate

how to move ssl certificate

Entrust Certificate Services Support Knowledge Base

Audience: Administrator

Last Modified: 2006-09-12 13:31:17.0

TN 5768 - How do I move an SSL server certificate from Apache to IIS 5?

In order to transfer an existing keypair from Apache to IIS 5.0 you must convert the private key and Entrust SSL certificate to single P12 file using OpenSSL

Instructions:

1. Convert the keypair to a P12 format (PFX)

Openssl pkcs12 -export -out file.p12 -inkey privatekey.key -in certificate.crt

"file.p12" is your new container file

"Privatekey.key" is the name of your existing private key

"certificate.crt" is your Entrust SSL certificate

Example:

[root@Apache9 conf]# openssl pkcs12 -export -out keypair.p12 -inkey /etc/httpd/conf/ssl.key/apache9-0.key -in /etc/httpd/conf/ssl.crt/apache9-0.crt

Enter pass phrase for /etc/httpd/conf/ssl.key/apache9-0.key:

Enter Export Password:

Verifying - Enter Export Password:

[root@Apache9 conf]#

As shown in the example above, you must know the current password of the original private key if set at the time the private key was created. You may then specify a password for the export file and transfer this file to your IIS 5.0 machine that is going to host the site.

2. Adding your Certificate Snap-In

Once you have transferred the P12 file to the IIS 5.0 machine, the Certificates snap-in utility must be installed in order to import your P12 file.

In Windows 2000 Use the following steps to create a new Microsoft Managua Console (MMC) and add the

Click Start, and then click Run.

Type in "MMC" (without the quotation marks) and click OK.

Click Console in the new MMC you created, and then click Add/Remove Snap-in.

In the new window that appears, click Add.

Highlight Certificates, and then click Add.

Choose the Computer account option and click Next.

Select Local Computer on the next screen, and then click Finish.

Click Close, and then click OK.

3. Importing your P12 file:

Select Next twice to continue and Finish

Select OK to complete the Import.

4. Assign the certificate to the IIS 5.0 site

To enable IIS 5.0 to use this certificate please follow the steps proceeding:

Go into the properties of the site and choose the Directory Security tab

Click on Server Certificate button under Secure Communication area.

  • Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 1 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 2 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 2 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Cert Admin Advantage Server Certificate 1 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Cert Admin Advantage Server Certificate 2 Year Version Not Applicable Language Not Applicable Platform Not Applicable

Source: www.entrust.net

Category: Insurance

Similar articles: