PART 1 - Export the Private Key and SSL Certificate from Apache as a PKCS12

FIRST! Modifications for export from ISPConfig (commands entered via PuTTY): you have to duplicate /root/ispconfig/httpd/conf/ssl.key/server.key to /root/ispconfig/httpd/conf/ssl.crt, then change to this path: /root/ispconfig/httpd/conf/ssl.crt

Further info: The assumption is that you have TWO files: the private key and the certificate. You COMBINE both private key and certificate into a single file using the OpenSSL command:

openssl pkcs12 -in server.crt -inkey server.key -export -out server.pfx

where:
- server.crt = certificate
- server.key = private key
- server.pfx = resulting PFX file (containing BOTH the key and cert)
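
The export step above as a script, as an added example that is not part of the original page: it refuses to build the PFX if the key does not match the certificate, creates the file readable only by its owner, and re-opens it to confirm the password before you move it. The function names and the PFX_PASS environment variable are assumptions of this example, and the key is assumed to be stored unencrypted.

```shell
#!/bin/sh
# Added example (not from the original page): bundle an Apache key and
# certificate into a PKCS#12 file, refusing to proceed if they do not match.
# Function names and the PFX_PASS variable are assumptions of this example.

# Succeeds only if the private key ($2) belongs to the certificate ($1):
# both must yield the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_pfx CERT KEY OUT: the export password is read from $PFX_PASS so it
# never appears on the command line or in the process list.
make_pfx() {
    [ -n "$PFX_PASS" ] || { echo "set PFX_PASS first" >&2; return 2; }
    export PFX_PASS
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    # umask 077 in a subshell: the .pfx holds the private key, so create it 0600.
    ( umask 077
      openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout env:PFX_PASS ) || return 1
    # Re-open the bundle to confirm the password and MAC verify before moving it.
    openssl pkcs12 -in "$3" -passin env:PFX_PASS -noout 2>/dev/null
}

# demo: runs make_pfx on a throwaway self-signed pair (constructed sample data).
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$d/server.key" -out "$d/server.crt" 2>/dev/null || return 1
    PFX_PASS="constructed-demo-password"
    make_pfx "$d/server.crt" "$d/server.key" "$d/server.pfx"
    rc=$?
    rm -rf "$d"
    return $rc
}

# Usage: PFX_PASS=... sh make_pfx.sh server.crt server.key server.pfx
# With no arguments the constructed demo runs instead.
if [ "$#" -eq 3 ]; then make_pfx "$@"; elif [ "$#" -eq 0 ]; then demo && echo "demo ok"; fi
```
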

A .pfx is a single file that contains both your private key and certificate. Move your server.pfx, created with your password, to the new destination, and don't forget to delete the duplicated server.key file from /root/ispconfig/httpd/conf/ssl.crt.

PART 2 - Import the PKCS12 into Windows IIS

To import the PFX file into the IIS server:
- Click Start, then Run, then type "mmc"
- In the MMC click File, then Add / Remove Snap In
- Click Add in the dialog box that opens
- On the Console, expand the Certificates container, then right click Personal
- Select All Tasks, then Import
- Point the File Browse at the PFX file and complete the wizard
- In IIS go to your site and select Properties, then Directory Security
- Click Server Certificate and then Assign an Existing Certificate, select the correct certificate from the available certificates

PART 1 - Exporting from Apache Server

- Locate the directory in which your certificate and key file are currently stored (by default: /usr/local/apache/conf/ssl.crt/ or /etc/httpd/conf/ssl.crt/).
- Copy the domainname.key and domainname.crt files to removable storage media, or to a network drive.

PART 2 - Importing to Apache Server

- Copy the domainname.key and domainname.crt to the Apache server directory in which you plan to store your certificates (by default: /usr/local/apache/conf/ssl.crt/ or /etc/httpd/conf/ssl.crt/).
- Open the Apache httpd.conf file in a text editor. Locate the SSL virtual host associated with your certificate. Verify that you have the following 2 directives within this virtual host. Please add them if they are not present:
- SSLCertificateFile /usr/local/apache/conf/ssl.crt/domainname.crt
- SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domainname.key
Note that some instances of Apache store this information in an httpd-ssl.conf file. If your httpd.conf contains no SSL information, you will need to locate and amend the httpd-ssl.conf as above.
- Save the changes and exit the editor.
- Start or restart your Apache web server.

PART 2 - Assign the correct directives to your Config file

When you have made the changes detailed in PART 1, you will then need to assign the correct directives to your Config file. You may find these in your httpd.conf file or in the ssl.conf file.
- Open your httpd.conf file and search for the section for the site which the SSL certificate will secure (if you cannot locate the section in your httpd.conf file, open your httpd-ssl.conf file and search for the section there).
- Your section will need to contain the following directives:
- SSLCertificateChainFile - this will need to point to the certificates.cabundle, so after the directive name enter the path and file name and remove the # from the beginning of the line.
- SSLCertificateFile - this will need to point to yourdomain.crt, so after the directive name enter the path and file name and remove the # from the beginning of the line.
- SSLCertificateKeyFile - this will need to point to yourdomain.key, so after the directive name enter the path and file name and remove the # from the beginning of the line.
- Save the changes and close the text editor.
- Restart Apache.

SOURCE: http://www.globalsign.com, some changes and additions by WWW24.at