** Pronouns is way to written **
Create a new key and certificate under linux with openssl 1. Create an RSA private key for your Apache server PEM-formatted:
openssl genrsa -out domainname.key 2048 2. Now create a Certificate Signing Request (CSR) using the RSA private key created above:
openssl req -new -key domainname.key -out domainname.csr *** 3. copy inside of domainname.csr file and paste it into official ssl provider webpage such as godaddy or etc. and paste it into “RE-Key” from the site. Then re-download domain.crt file and put it into apache conf. PS: be aware to enter correct domain address such as http://www.domain.com while generationg domaincsr file when it asks domain name. it must be match. ——————————————————————————————————————- In order to export the Certificate, Private Key and any intermediate certificate as a pfx file use the command below: – > openssl pkcs12 -export -in my.crt -inkey my.key -certfile my.bundle -out my.pfx
# openssl x509 -req -days 365 -in www.xxx.com.csr -signkey www.xxx.com.key -out www.xxx.com.crt
Check CSR file
openssl req -in domain.csr -noout -text
Check CRT file
openssl x509 -in certificate.crt -text -noout
——————————————————————————————————————- Moving a Certificate from Apache to a Windows IIS Server.
- Back up your certificate:To import your certificate to Windows, you will first need to combine your primary certificate, Intermediate (CA) Certificate, and your private key file into a .pfx type backup file. To do this, use the following command:
openssl pkcs12 -export -out DigiCertBackup.pfx -inkey your_private_key_file.txt -in your_domain_name.crt -certfile DigiCertCA.crtThis creates a backup of your primary certificate called DigiCertBackup.pfx. Copy this file to your IIS Server.
- Once the .pfx file is copied to your Windows server, follow these instructions to import your PFX file on Windows.
Configuring Your Site – IIS 5/6
- In your IIS manager, right-click on the site that you would like to use the certificate and select properties.
- Click on the Directory Security Tab and hit the Server Certificate Button. This will start the server certificate wizard.
- If given the option, Choose to ‘Assign an existing certificate’ to the site and choose the new certificate that you just imported. If you do not have that option, you should be asked what you want to do with the current certificate on the site, choose the option to “replace” your current certificate.
- Browse to the .pfx file that you created earlier.
- Finish the certificate wizard.
Occassionally a server or IIS restart is required before your server will recognize the new certificate. Importing an IIS .pfx file certificate into Apache or other non-Windows-based servers. Most servers use plaintext certificate files. The certificate files that you download from your digicert account are already in this format. However, the private key that was generated on your IIS server is not yet in this format. This same private key is required for your certificate to function properly on your non-Windows-based server. To export the private key from the Windows IIS server to your non-windows-based machine, you must extract the private key from a Windows .pfx backup certificate. To do this you will use the OpenSSL utility to extract the private key from the .pfx backup file:
- First backup the certificate you have working on your IIS server to a .pfx file using the instructions listed above.
- Second, use the following OpenSSL command to create a new text file from which you can separate the Private Key:
openssl pkcs12 -in mypfxfile.pfx -out outputfile.txt -nodeswhere mypfxfile.pfx is the certificate backup from your IIS server.
- The above command would have created a text file named outputfile.txt. Open this file with a text editor and you will see the private key listed first:
-----BEGIN RSA PRIVATE KEY----- (Block of Random Text) -----END RSA PRIVATE KEY-----
- Copy and paste all of the private key, including the BEGIN and END tags to a new text file and save it as your_domain_name.key
- Use the Digicert Certificate Installation Instructions to install the the .key file you just created and the other certificate files from your Digicert Account to your new server.
http://www.oguzpastirmaci.com/?p=264 http://sycure.wordpress.com/2008/05/15/tips-using-openssl-to-extract-private-key-pem-file-from-pfx-personal-information-exchange/ https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=600 http://nl.globalsign.com/en/support/ssl+certificates/microsoft/all+windows+servers/export+private+key+or+certificate/