I’m going to migrate one windows server running on some php sites which using ssl certificates to WHM/cpanel installed linux server. During the time I need to be site alive during the migration time ( Zero downtime).
For this,
A, I have enabled database remote access from the older server to new hosting network to use same database while nameservers are updating over the internet.
B. I have used the same certificate installed on both servers. ie I export the IIS installed certificate and separate the private key and certificate from it.
Exporting SSL certificate from IIS using export utility.
a, Right click on ” my computer” and select manage
b. Expand IIS manager and choose the site where SSL certificates has installed.
c. Right click on the site and choose “properties” and then select ” security” tab. Then click on “edit” button.
d. You may get the windows same like as listed below,
Type the file name to save the .pfx file
Next we need to protect the exported file being manipulated by other ssl tools. Set the passphase value.
Now we have the .pfx export file. Now we need to copy it to any linux desktop to extract the cert and key file.
Export the private key file from the pfx file
Export the certificate file from the pfx file
This will help you to remove the passphase from being asked during the Apache restart each time.
Pls note that each command execution will ask you to enter passphase to process the request.
Installing certificate on Cpanel server. login to WHM using the root account. Go to SSL/TLS–> install a ssl certificate and setup a Domain.
Then open both the domain-cert.pem and server.key file in notepad and copy the content in to respective window shown on the WHM as follows,
You may also request to fill out the GD bundle certificate if you have provided from CA. I uses Goddady ssl and can be downloaded it from their sites.
2, create pfx file from crt and key
If you have a requirement of converting crt file to .pfx format which can be recognised on IIS server,use the following command
openssl pkcs12 -export -out mydomain.com.pfx -inkey mydomain.com.key -in mydomain.com.crt -certfile CA_bundle.crt
Enter Export Password:
Verifying - Enter Export Password:
[root@BANK-qa01 ssl]# ls
mydomain.com.crt mydomain.com.key_old gd_bundle.crt
mydomain.com.key mydomain.com.pfx
[root@BANK-qa01 ssl]#
That’s it.
-njoy
Leave a Reply