Most servers use plaintext certificate files. The certificate files that you download from your digicert account are already in this format. However, the private key that was generated on your IIS server is not yet in this format. This same private key is required for your certificate to function properly on your non-Windows-based server. To export the private key from the Windows IIS server to your non-windows-based machine, you must extract the private key from a Windows .pfx backup certificate. To do this you will use the OpenSSL utility to extract the private key from the .pfx backup file:
- First backup the certificate you have working on your IIS server to a .pfx file using the instructions listed above.
- Second, use the following OpenSSL command to create a new text file from which you can separate the Private Key:
openssl pkcs12 -in mypfxfile.pfx -out outputfile.txt -nodes
where mypfxfile.pfx is the certificate backup from your IIS server.
- The above command would have created a text file named outputfile.txt. Open this file with a text editor and you will see the private key listed first:
-----BEGIN RSA PRIVATE KEY-----
(Block of Random Text)
-----END RSA PRIVATE KEY-----
- Copy and paste all of the private key, including the BEGIN and END tags to a new text file and save it as your_domain_name.key
- Use the Digicert Certificate Installation Instructions to install the the .key file you just created and the other certificate files from your Digicert Account to your new server.
No comments:
Post a Comment