Export the private key from IIS
- Open the Internet Information Services administration console located in the Control Panel -> Administrative Tools.
- Select the properties of your website.
- Select the Directory Security tab
- Select the button 'View Certificate'.
- Select the Details tab.
- Choose the 'Copy to file' button.
- Choose 'Yes export the private key'.
- The key will be generated using Personal Information Exchange PKCS#12(.pfx).
- Specify and confirm a password.
- Specify a name and save the file to the local disk. In this document we will use the example name example.pfx.
- Refer to the Internet Information Services administration console located in the Control Panel -> Administrative tools.
- Select the properties of your website.
- Select the Directory Security tab.
- Choose to 'View Certificate'.
- Select the Details tab.
- Choose the 'Copy to file' button.
- Choose 'No, do not export the private key'.
- Specify to export the certificate in base-64 encoded X.509 (.CER).
- Specify a name and save the file to the local disk. In this document we will use the example name example.cer
- Once the file is created, rename the extension to .crt (e.g. example.crt), as this is the extension format used by Kerio MailServer.
The following procedure can only be performed
from a Windows computer. The key file can be later copied to another
operating system.
Change the key format from PKCS#12 to RSA- Download the SSL Certificate Utility.
- Extract the zip file to some location on the local hard drive. There are four necessary files: ssleay32.dll, libeay32.dll, openssl.cfg and openssl.exe.
- Move the two files exported from IIS (example.crt and example.pfx) into the folder containing the extracted files.
- Execute the file openssl.exe.
- Type the following command: pkcs12 -in example.pfx -nocerts -out example.pem.
- You will need to supply the password used when you created the Personal Information Exchange file during the export from IIS.
- After supplying the password, you will then be asked to create and verify a "PEM pass phrase". You will need to supply this pass phrase in order to convert the "PEM file" to a KEY file. This pass phrase will be used only once, and is not relevant after the key file has been created.
- At this point you will have a new file in the same directory called example.pem.
- Type the following command: rsa -in example.pem -out example.key.
- After entering the "PEM pass phrase", the example.key file will be generated. You will no longer need the "PEM pass phrase".
- Locate the /sslcert directory. The default location for each supported Operating System is provided below.
- OS X: /usr/local/kerio/mailserver
- Windows: C:/program files/kerio/mailserver
- Linux: /opt/kerio/mailserver
- Copy the example.crt and example.key files into this directory.
- Restart Kerio MailServer
- Connect to Kerio MailServer using the Administration console and go to the Configuration -> SSL Certificates dialog.
- Select the new certificate and choose the option 'Set as active'.
- Restart Kerio MailServer and the certificate and key should now be used by Kerio MailServer.
Espero os sirve a todos.
Un saludo,
Fuente: http://kb.kerio.com/product/kerio-connect/ssl-certificates/transferring-a-signed-ssl-certificate-from-internet-information-server-into-kerio-connect-409.html
No hay comentarios:
Publicar un comentario
Gracias por visitar mi Blog.