WebMux can import SSL certificate backup files in the Personal Information
Exchange - PKCS #12 (.PFX) format. You will need to email them to us alone with your
WebMux serial number. We will convert them for you free of charge. Instructions for backing
up your SSL certificate from a Windows 2000 server running IIS 5.0 are provided below.
If you are exporting from another operating system or web server, consult your computer's
operating system or web server documentation for instructions.
Exporting Your SSL Cert From Windows 2000
To backup your SSL certificate on a Windows 2000 server:
- Open Internet Information Services (Start > Programs > Administrative Tools > Internet Services Manager).
- Find your web site in the left pane and select (right-click) Properties.
- Select the 'Directory Security' tab.
- Select 'View Certificate.'
- Select the 'Details' tab.
- Press the 'Copy to File...' button. The 'Certificate Export Wizard' launches.
- Select 'Next.'
- Select 'Yes, Export the Private Key' and 'Next.'
- Personal Information Exchange - PKCS #12 (.PFX)
- Enable 'Include all certificates in the certification path if possible'
- DO NOT enable 'Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above)'
- DO NOT enable 'Delete the private key if the export is successful.'
- Provide a password (write it down!) and select 'Next.'
- Provide a filename and select 'Next.' [We recommend no space in filename]
- Select 'Finish.'
- Send the saved .PFX file to email@example.com in an e-mail attachment.
PROVIDE YOUR PASSWORD in the e-mail message.
If you like to convert the certificate yourself, you will need to download and install
OpenSSL on your computer. If the key and certificate are saved following last section
instruction, run these commands:
openssl pkcs12 -in mycert.pfx -out mycert.pem
You will be prompt for the passphase, please enter it. Then run the next command:
openssl rsa -in mycert.pem -out privatekey.pem
to extract the private key.
If your certificate and key are stored seperately, run following commands to convert
both the certificate and
key to be used by WebMux:
openssl x509 -in input.crt -inform DER -out output.crt -outform PEM
openssl rsa -in input.key -inform DER -out output.key -outform PEM
openssl rsa -in output.key -out newkey.pem
The last step is to remove the passphase from encrypted key. During running you will
be prompted one last time for the passphase. Since no one can enter the passphase during
WebMux reboot, it will not work if the passphase is not removed.