Moving SSL Certs from IIS to Apache
I found some instructions for converting SSL certificates generated for IIS to private key, and cert files you can use on unix, or Apache for windows.
First Export your IIS certificate into a pfx file (this is something you should do anyways for backup)
- Run mmc.exe
- Click the 'Console' menu and then click 'Add/Remove Snap-in'.
- Click the 'Add' button and then choose the 'certificates' snap-in and click on 'Add'.
- Select 'Computer Account' then click 'Next'.
- Select 'Local Computer' and then click 'OK'.
- Click 'Close' and then click 'OK'.
- Expand the menu for 'Certificates' and click on the 'Personal' folder.
- Right click on the certificate that you want to export and select 'All tasks' -> 'Export'.
- A wizard will appear. Make sure you check the box to include the private key and continue through with this wizard until you have a .PFX file.
# Export the private key file from the pfx file openssl pkcs12 -in filename.pfx -nocerts -out key.pem # Export the certificate file from the pfx file openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem # This removes the passphrase from the private key so Apache won't # prompt you for your passphase when it starts openssl rsa -in key.pem -out server.key
- Blocking .svn and .git Directories on Apache or IIS - October 15, 2013
- Changing the ColdFusion CFIDE Scripts Location - January 10, 2011
- How to Get a Green SSL Certificate - November 18, 2009
- IIS: Disabling Weak SSL Protocols and Ciphers - October 8, 2009
- ColdFusion wsconfig Hotfix CVE-2009-1876 is for Apache Only - August 20, 2009
- Moving SSL Certs from IIS to Apache Tech Zombie - The Technicians WebSite
* first remove any files in the ssl/certs/ and ssl/private/ directories for the account (i.e. home/yoursite/ssl/)
* if you have access to WHM, use the "Manage SSL Hosts" to double check for entries - delete any for the domain in question
* then check the "SSL Key/Crt Manager" - delete anything related to the domain you're setting up SSL for
* if you followed the instructions above, you'll have the certs.pem and the now decrypted key.pem, but for GoDaddy you need the CA:
* openssl pkcs12 -in filename.pfx -cacerts -nokeys -out cabundle.pem
* the text in those three .pem files (certs, key, cabundle) is all you need to copy into your SSL install page - crt, key, ca bundle
* for WHM it's the "Install a SSL Certificate and Setup the Domain" tool
...maybe this is the long way around, but wanted to make sure I used the WHM/Cpanel tools since I don't know everything it's doing under the hood.
openssl pkcs12 -in domain.pfx -cacerts -nokeys -out cabundle.pem
- CFSummit 2016 Slides
- Securing Legacy CFML - dev.Objective() 2016 Slides
- My CFSummit 2015 Slide Decks
- Adding Chrome Custom Search for CFDocs
- Disable Flash Remoting on ColdFusion Servers
- HackMyCF Adds SSL/TLS Scanner
- IncompatibleClassChangeError after ColdFusion 11 Update 5
- Scope Injection in CFML