Axcient Help Center

How to Convert an Existing IIS .pfx File (Private Cloud)

After x360Sync is installed and configured, you can set up SSL certificates to allow for secure connections to your Apache server. Specifically, you will need to add a .crt file (certificate file) and a bundle.crt file in your Apache SSL directory. Unsigned certificates are not supported.

When you create a new SSL certificate or wildcard certificate, you generate a .key file (private key), as well as a .csr file (certificate signing request file), using your OpenSSL application. You then submit the .csr file to the SSL Certificate Authority of your choice (for example, GoDaddy, Thawte, Verisign, and so forth) in order to receive the appropriate .crt (certificate file)and bundle .crt files, which are then installed on your Apache web server.

03000026.png

If you already have an existing IIS .pfx file (Personal Information Exchange file), you can use it to extract both a .key file and a.crt file using your OpenSSL application.

This article will review the following steps in detail:

  • Export an IIS certificate to a .pfx file

  • Use the OpenSSL application to extract the .key file and the .crt file

  • Update the .crt file

To Export an IIS certificate:

  1. From the Start menu, enter mmc.exe into the search box and press the Enter key. The Microsoft Management Console window displays.

  2. In the Microsoft Management Console window, click the File menu, and select Add/Remove Snap in.

    03000027.png

    The Add or Remove Snap-ins dialog box displays.

  3. In the Add or Remove Snap-ins dialog box, select Certificates, and then click the Add button.

    03000028.png

    The Certificates Snap-in dialog box displays.

  4. In the Certificates Snap-in dialog box, select the Computer accountradio button, and then click the Next button.

    03000029.png
  5. In the Select Computer dialog box, select the Local computer radio button, and then click the Finish button.

    0300002A.png
  6. Click the OK button to close the Add or Remove Snap-ins dialog box.

  7. Back in the Microsoft Management Console window, click to expand the Certificate folder, then click to expand the Personal folder, and then select the Certificates folder. A list of certificates will display.

  8. Right-click the certificate you want to export; point to All Tasks, and then select Export.

    0300002B.png

    The Certificate Export Wizard displays.

  9. In the Certificate Export Wizard, click the Next button to begin.

    0300002C.png
  10. In the Export Private Key screen, select the Yes, export the private key radio button. Click Next to continue.

    0300002D.png
  11. In the Export File Format screen, click the Personal Information Exchange radio button, and then select the Include all certificates in the certification path if possible checkbox. Click the Next button to continue.

    0300002E.png
  12. In the Password screen, type and confirm a password. Click the Next button to continue.

    0300002F.png
  13. In the File to Export screen, click the Browse button to find a location to save the .pfx file.

    03000030.png

    Click the Next button to continue.

  14. When the Certificate Export Wizard is complete, click the Finish button.

    03000031.png

    The .pfx file, which contains the .crt file and the .key file, is now saved.

Next, use the OpenSSL application to extract the .key file and the crt file.

  1. From the Start menu, enter cmd into the search box and press the Enter key. A new Command Prompt window displays.

  2. In the Command Prompt window, navigate to the Apache bin directory using the cd command, and press the Enter key:

    cd C:\Apache24\bin\

    03000032.png
  3. While still in the Command Prompt window, launch the openssl application using the openssl command:

    openssl

    03000033.png
  4. Within the OpenSSL application, export the crt file from the .pfx file using the following command:

    pkcs12 -in filename.pfx -nocerts -out key.pem

  5. After the pfx file is exported, export the crt file from the .pfx file using the following command:

    pkcs12 -in filename.pfx -clcerts -nokeys -out yourdomainname.crt

  6. Remove the password from the .key file so Apache will not prompt you for your password when it starts.

    -in key.pem –out yourdomainname.key

Finally, you can update your crt file.

  1. Open the .crt file.

  2. Delete all content that is listed before the -----BEGIN CERTIFICATE----- section.

  3. Save the crt file. You can now configure Apache to use these files. For more information, please reference the How to Use an Existing SSL Certificate with Apache section of the Guide.