Tech Tips  
Home   Company   Solutions   Products   Sales   Services   Support
   How to convert existing IIS SSL certificate

WebMux can import SSL certificate backup files in the Personal Information Exchange - PKCS #12 (.PFX) format. You will need to email them to us alone with your WebMux serial number. We will convert them for you free of charge. Instructions for backing up your SSL certificate from a Windows 2000 server running IIS 5.0 are provided below. If you are exporting from another operating system or web server, consult your computer's operating system or web server documentation for instructions.

Exporting Your SSL Cert From Windows 2000

To backup your SSL certificate on a Windows 2000 server:

  1. Open Internet Information Services (Start > Programs > Administrative Tools > Internet Services Manager).
  2. Find your web site in the left pane and select (right-click) Properties.
  3. Select the 'Directory Security' tab.
  4. Select 'View Certificate.'
  5. Select the 'Details' tab.
  6. Press the 'Copy to File...' button. The 'Certificate Export Wizard' launches.
  7. Select 'Next.'
  8. Select 'Yes, Export the Private Key' and 'Next.'
  9. Select:
    • Personal Information Exchange - PKCS #12 (.PFX)
      • Enable 'Include all certificates in the certification path if possible'
      • DO NOT enable 'Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above)'
      • DO NOT enable 'Delete the private key if the export is successful.'
    • Next
  10. Provide a password (write it down!) and select 'Next.'
  11. Provide a filename and select 'Next.' [We recommend no space in filename]
  12. Select 'Finish.'
  13. Send the saved .PFX file to in an e-mail attachment. PROVIDE YOUR PASSWORD in the e-mail message.

If you like to convert the certificate yourself, you will need to download and install OpenSSL on your computer. If the key and certificate are saved following last section instruction, run these commands:

openssl pkcs12 -in mycert.pfx -out mycert.pem
You will be prompt for the passphase, please enter it. Then run the next command:
openssl rsa -in mycert.pem -out privatekey.pem
to extract the private key.

If your certificate and key are stored seperately, run following commands to convert both the certificate and key to be used by WebMux:

openssl x509 -in input.crt -inform DER -out output.crt -outform PEM
openssl rsa -in input.key -inform DER -out output.key -outform PEM
openssl rsa -in output.key -out newkey.pem

The last step is to remove the passphase from encrypted key. During running you will be prompted one last time for the passphase. Since no one can enter the passphase during WebMux reboot, it will not work if the passphase is not removed.

Contact us   Jobs   Press   Privacy   Terms of use
Copyright © 1987- CAI Networks, Inc. Copyright © 1998-2000 Red Hill Networks, Inc. All rights reserved.