Apr 30 2017 11:55 PM
I am trying to enable SSL in windows 2012 server. I am following this tutorial.
I have signed crt file and I convert crt to cer file for windows machine. I follow this step to convert crt to cer file.
But after adding cer file, cannot find certificate in the list when I go to another menu and come back to certificate list. Do I miss anything ?
May 04 2017 09:33 PM
I find it easy to import externally generated SSL certificates using openssl to create a private key, and a certificate request, then fulfill the request from either a Microsoft Certificate Server or from a commercial provider.
I convert the key and certificate to pfx format and copy it to the server. The IIS Server Certificate menu shown in your link easily imports the certificate.
You can also use mmc with the certificates snap-in to import the pfx certificate into to roles you want to use it for. Here are the commands.
Launch OpenSSL application
C:\OpenSSL-Win32\bin>openssl
set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg
HOST = your hostname
PROCESS
STEP 1: Generating RSA private key for CA (2048 bit)
openssl genrsa -des3 -out HOST.key
STEP 2: Generating X.509 certificate signing request for CA
openssl req -new -key HOST.key -out HOST.csr
STEP 3: Generate HOST cetificate from Microsoft Certificate Service on CA or from commercial provider. Cut and paste from HOST.csr
Download new certificates HOST.cer
STEP 4: Create PEM Certificate (PKCS12, PFX)
openssl pkcs12 -export -out HOST.pfx -inkey HOST.key -in HOST.cer