How to convert an IIS SSL certificate and Apache private key into a PFX certificate.
So, you are in the unlikely situation of having an OpenSSL private key and an IIS PKCS7 certificate from a certificate authority.
You would like to install these two in IIS.
Of course, after an hour of trying to figure it out, you will notice that it simply cannot be done.
You need to perform some conversions to turn the .cer and .key into a .pfx file.
These are the steps:
- First, convert the issued certificate from the CA (it is in P7B format, mostly ending in .cer) into a PEM file.
openssl pkcs7 -print_certs -in domainname.cer -out domainname.pem
- Next, convert the pem certificate and the private key into the PFX cert.
openssl pkcs12 -export -out domainname.pfx -inkey private.key -in domainname.pem
- The resulting domainname.pfx file can now be imported via the certificate MMC snap-in (Local Computer Account).
- Once imported, just open the Website properties -> Directory Security Tab -> Server Certificate -> Assign an existing certificate.
- Voila, you have just created and installed a PFX certificate from a PEM private key and a P7B certificate.
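The two conversion steps above as one shell function that also reads the PFX back and confirms its certificate matches the private key. This is an added example, not part of the original post: the function names and the PFX_PASS environment variable are assumptions, and the sample certificate is a throwaway self-signed one constructed so the script runs offline.

```shell
#!/bin/sh
# Added example. File names follow the article; PFX_PASS and all function
# names are assumptions of this sketch.

# SHA-256 of the public key in a PEM private key / in a PEM cert on stdin.
key_pub_hash()  { openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r; }
cert_pub_hash() { openssl x509 -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256 -r; }

# p7b_to_pfx P7B KEY OUT.pfx : convert, then read the PFX back and confirm
# that its certificate carries the same public key as KEY.
p7b_to_pfx() (
    p7b=$1 key=$2 pfx=$3 pem="${3%.pfx}.pem"
    umask 077    # the PFX contains the private key: owner-only permissions
    # CAs ship P7B files PEM- or DER-encoded; try PEM first, then DER.
    openssl pkcs7 -print_certs -in "$p7b" -out "$pem" 2>/dev/null ||
        openssl pkcs7 -inform DER -print_certs -in "$p7b" -out "$pem" || exit 1
    # The export password comes from the environment instead of the command
    # line, so it does not show up in process listings or shell history.
    openssl pkcs12 -export -out "$pfx" -inkey "$key" -in "$pem" \
        -passout env:PFX_PASS || exit 1
    got=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts \
        2>/dev/null | cert_pub_hash)
    [ -n "$got" ] && [ "$got" = "$(key_pub_hash "$key")" ]
)

# Constructed sample input: self-signed certificate wrapped as a P7B file.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/private.key" -out "$1/cert.pem" 2>/dev/null &&
    openssl crl2pkcs7 -nocrl -certfile "$1/cert.pem" -out "$1/domainname.cer"
}
```

Once the PFX has been imported into the certificate store, delete the .pfx and intermediate .pem copies, since the PFX holds the private key.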
One last tip: if you ever have odd issues with a site not responding with an SSL certificate installed, download and install Microsoft's SSLDiag tool. It works great!
No primary IP address setting in Windows 2008 R2
Windows 2008 R2 does not have the option of setting a primary IP address.
Yesterday, we were debugging an issue where one of our Windows 2008R2 Web Hosting Servers all of a sudden was unable to connect to the MySQL Server in our network.
Since we are offering shared hosting, we have very strict security in place. One of the things we implemented is that servers are only allowed to communicate with each other for the services required for their function.
So of course the Windows 2008R2 Web Server IP is only allowed to communicate with the MySQL Server on port 3306.
Surprisingly, though, Windows 2008R2 changes which address is the primary IP address based on which IP is closest to the default gateway.
In our case, a customer enabled a Dedicated IP Address for his website so he could get an SSL Certificate. The new IP added was closer to the default gateway than the IP we had originally set up as what we thought was the Primary IP address of the Server.
So, now the server started connecting to the MySQL Server from a new IP address which was not allowed to connect and as a result Websites using MySQL went down.
After some research we found that this seems to be a major oversight by Microsoft and they even released a “Hotfix” for the issue.
This fix allows you to specify a new parameter when adding an IP via the command line, telling the system not to use this IP as a source (Primary) IP address.
The problem with this fix for a web hosting company like us is of course the fact that we are using 3rd party tools to automate the provisioning of IP addresses, and in this case we cannot change this tool to use the new parameter offered by this hotfix.
So the solution for us for the moment was to add this new IP to the firewall so it can communicate with the MySQL Server and to make sure that new IPs added to the server are either in a different subnet or ‘further away’ from the default gateway of the Server.
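The workaround above depends on knowing which address the server will use as its source before a new IP is added. The following added sketch (not from the original post) predicts that and checks it against a firewall allowlist, assuming "closest to the default gateway" means the longest matching bit prefix with the gateway, as in RFC 3484 source address selection. All addresses are constructed sample values and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: predict the source IP a multi-address server will use,
# assuming the longest-matching-prefix-with-gateway rule (assumption).

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() (
    IFS=.
    set -- $1
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# common_prefix_bits IP1 IP2 -> number of leading bits the two share
common_prefix_bits() (
    x=$(( $(ip_to_int "$1") ^ $(ip_to_int "$2") ))
    bits=32
    while [ "$x" -ne 0 ]; do
        x=$(( x >> 1 ))
        bits=$(( bits - 1 ))
    done
    echo "$bits"
)

# predict_source GATEWAY IP... -> the IP sharing the longest prefix with
# the gateway; ties keep the first listed address (a simplification).
predict_source() (
    gw=$1; shift
    best=""; best_bits=-1
    for ip in "$@"; do
        b=$(common_prefix_bits "$ip" "$gw")
        if [ "$b" -gt "$best_bits" ]; then best=$ip; best_bits=$b; fi
    done
    echo "$best"
)

# source_allowed "ALLOWED IPS" GATEWAY IP... -> succeeds only if the
# predicted source address is in the space-separated firewall allowlist.
source_allowed() {
    allow=$1; shift
    src=$(predict_source "$@")
    case " $allow " in *" $src "*) return 0 ;; *) return 1 ;; esac
}
```

Run `source_allowed` with the current allowlist and the planned address list before provisioning; a failure means the firewall rule or the address choice needs to change first.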
Frontpage Extensions for IIS 7.5 (Windows 2008R2)
RTR recently released Frontpage Extensions for Windows 2008R2 which was very exciting for us since we just started adding Windows 2008R2 Web Servers to our cluster and were unable to offer Microsoft Frontpage Extensions to our customers on those servers.
RTR offers the software for a reasonable price and obviously has many years of experience in the field.
We downloaded a trial and started reading up on the licensing of the product.
We noticed a clause in the instructions that explained either the Windows 2008R2 Server needs to be a physical machine OR the server running the licensing software needs to be a Physical machine.
This is a big problem for us since we converted all our Windows machines into Virtual machines a while back.
So basically we had no chance of giving RTR our money to buy their product.
We did notice however that the Licensing Software they are using (Reprise RLM) has the option to run on Linux. Since we still had a physical Linux Server for certain tasks, we had a little hope again we could use the product. We downloaded the Linux version of the RLM directly from the vendor and installed it and the trial license.
The result:
07/12 22:09 () ****************************************
07/12 22:09 () *** ***
07/12 22:09 () *** This ISV server is not enabled ***
07/12 22:09 () *** to run on this platform. ***
07/12 22:09 () *** ***
07/12 22:09 () ****************************************
After talking to RTR it seems their licensing agreement with Reprise does not allow Linux as the RLM Server.
This is very unfortunate since we now need to keep the old Windows 2003 Servers around for as long as people are asking for FPSE or have to run separate Windows 2008 Servers (IIS7) which come with free FPSE from RTR.
I really wish RTR would expand their licensing options!
UPDATE: Great news! As you can see from the comment below, RTR is now offering a hosted license!
This means RTR is running the license server for you and you just have to worry about purchasing licenses from the.