3SP Knowledgebase
Information and FAQs about 3SP products 		  
Search  
   
Browse by Category
3SP Knowledgebase
 General FAQ
 SSL-Explorer
 About SSL-Explorer
 All Versions
 Access rights
 Agent
 Applications
 Attributes
 Authentication Schemes
 Documentation
 Extensions
 Internationalization
 IP restrictions
 Message queue
 Network Places
 Profiles
 SSL Certificates
 SSL Tunnels
 Update/Backup/Restore
 User Management
 Web Forwards
 Enterprise Edition Only
 Improving Performance
 Installation Management
 rPath Appliance
 Support
3SP Knowledgebase .: SSL-Explorer .: All Versions .: SSL Certificates .: How do I import a web server certificate from IIS? (releases 0.2.12 and earlier)

How do I import a web server certificate from IIS? (releases 0.2.12 and earlier)

1) Export the certificate by running MMC from a command line. Click the File menu, then Add Remove Snap-in

2) Click the Add Button, choose Certificates then click Add->Computer Account->Next->Local Computer->Finished->Close->OK

3) From the tree pane navigate to Personal->Certificates and locate the certificate you wish to export

4) Right click on the certificate and then from All Tasks choose export

5) Follow the prompts: Click Next->select Yes,Export the private key, click Next

6) Make sure 'Personal Information Exchange - PKCS #12 (.PFX)' is selected, also select 'Include all certificates in the certification path if possible' and 'Enable strong protection (requires IE 5.0, NT 4.0 SP$ or above)'

7) Click Next and Enter and confirm a password, click Next. Select a path and filename, click Next, Finished then OK

8) You should now have the certificate with private and public keys. Copy the file from step 6 onto the SSL Explorer server and note the path and filename


9) Once you have the exported .pfx file you can import this directly into SSL-Explorer during the install wizard. To complete this task you must first determine what the alias of the private key is in the file. This can be done by executing the following command on the exported .pfx file, the keytool command is installed as a part of the Java Runtime Environment. If this command cannot be found simply add $JAVA_HOME/bin to your PATH environment variable.

10) Run this command: keytool -keystore PFX_FILE -storetype pkcs12 -list

You will be prompted to enter the passphrase you set when the key was exported. You will see output like the following..

Z:>keytool -keystore dc_w3svc1_cert.pfx -storetype pkcs12 -list
Enter keystore password: xxxxxxxx

Keystore type: pkcs12
Keystore provider: SunJSSE

Your keystore contains 1 entry

26b10dc70f295e28774508f29171a929_894936a9-041e-4ee8-bf5f-e8735185734b, 15-Aug-2006, keyEntry,
Certificate fingerprint (MD5): CA:09:DC:FB:DB:3E:7D:5A:81:92:A4:C9:23:33:63:B8

The alias if the first element of the line second from bottom terminating at the comma, so in the above output its: 26b10dc70f295e28774508f29171a929_894936a9-041e-4ee8-bf5f-e8735185734b

11) Stop the SSL-Explorer service and run the Install Wizard

12) Select Import Existing Certificate and click Next

13) Change the Type from JKS to PKCS12

14) Type in the passphrase you set when exporting the PFX file

15) Enter the alias found in step 10 above

16) Click Browse and Open your certificate you exported and click Next

17) Complete the rest of the Install Wizard as normal (if it's an existing install, you should be able to just click Next to everything as it will populate all the fields with your current install settings)

18) Now navigate to the sslexplorer/conf directory and open the file called webserver.properties

19) Find a setting in that file called webserver.alias. Note that this currently set to a long hexadecimal number

20) Change this setting so that it reads webServer.alias=sslexplorer-server and save the file

21) Start the SSL-Explorer service and it should allow you to log on. (Note that you may still get warnings about the certificate not being trusted, but this isn't an issue. You can stop those warnings by going to System Configuration->Server and ticking the option called Disable Certificate Warning

How helpful was this article to you?

User Comments

Add Comment
No comments have been posted.


powered by Lore
© 2008 3SP Ltd. All Rights Reserved