Convert GoDadddy Cert to PFX + Private Key for Apache

By -

Use these steps to convert your Godaddy-issued Certificate (CRT or P7B) for use with Apache (requires PFX + Private Key).

Important Note: The certificate request most be down on an IIS server, so it's easier to import it back in the server. Other, the first part of the guide will have to be done using the Certificates MMC.

Convert the files to password-protected PFX

  1. Open IIS on the server there the CSR was created
  2. Go to the Server Node, and open Server Certificates
  3. On the right pane, choose Complete Certificate Request and choose the CRT of P7B file from GoDaddy, assign a simple name.
  4. Once done, right-click the certificate and choose Export
  5. Assign a filename for the Export
  6. Assign a password 
  7. Click Export to create the PFX file
Convert the password-protected PFX file to PFX + private key
  1. Go to the Apache server and open a command prompt
  2. If needed, add the path then openssl.exe file to the PATH environmental variable by issuing this command:
    PATH=%PATH%;{folder location of openssl.exe file}
  3. Copy the created pfx file to a folder in this server. CD to this folder
  4. Run this command to create the private key file
    openssl pkcs12 -in {your pfx file} -nocerts -out {filename for the private key file}
    example: openssl pkcs12 -in cert.pfx -nocerts -out encrypted.key
  5. Enter the PFX password if prompted, and a new password if required (your can type the same password)
  6. The resulting file is an encrypted private key file. You will need to decrypt this to be usable in Apache by running this command:
    openssl rsa -in {filename of encrypted key file} -out {filename of new decrypted key file}
    example: openssl rsa -in encrypted.key -out decrypted.key
  7. Enter the password if prompted
  8. Export the certificate part of the PFX file (ie, to separate the private key) by running this command:
    openssl pkcs12 -in {filename of PFX file} -clcerts -nokeys -out {filename of new certificate}
    example: openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.crt
  9. Enter the password if prompted.
After these steps, you will have 3 files that you can use for your Apache installation:
  1. cert.crt - this is the plain certificate 
  2. decrypted.key - this is the private key file
  3. cert.ca-bundle - take this from the Godaddy zip file. This is the intermediate certificate for the provider

Comments

Post a Comment

Popular posts from this blog

Windows RRAS VPN configuration when server is behind NAT

By -
The following configuration changes have to be done when the Windows VPN server (Remote Access and Routing Service) is behind NAT (ie, server has a private IP). To make PPTP work: Allow tcp/1723 traffic to flow through the firewall to the RRAS server Add inspect pptp on the firewall To make L2TP/IPSec work on Windows clients: On the client device, open Registry Editor Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent Add a DWORD (32-bit) key named AssumeUDPEncapsulationContextOnSendRule   Set the value to 2, and base to Hexadecimal Restart the client PC (this is important). Done!
Read more

Lenovo X1 Carbon Battery Problem - Plugged, Not Charging

By -
Solution taken from  https://stebalien.com/blog/fix-for-lenovo-x1-carbon-not-charging/ Happened on one of our laptops. The battery was draining and if you plug in the charger, it just says "Plugged In, Not Charging" To fix: Unplug the charger Restart the laptop Press Enter to interrupt normal startup Press F1 to enter the BIOS Seup Go to Config, Power Go to the bottom of the list where it says "Disable built-in battery". Press Enter. The laptop will shut down.  Plug in the charger and restart the laptop.
Read more

Multiple Remote Desktop sessions on Windows XP

By -
Continuing on from my last post about setting up RemoteApp on Windows XP. I needed to make the old application available to multiple users, so I have decided to modify the Terminal Service in my WinXP box to allow multiple remote session. I found the instructions here . It's pretty simple. You just need to replace termsrv.dll file and apply some registry changes. But you do have to consider that Windows XP employs a Windows File Protection system that detects when system files are changed and replaces it back with the original microsoft version of it. Here's what I did: Grab the file termsrv_sp3_patch.rar from the link above. Back the file C:\windows\system32\termsrv.dll into another location.  Open service.msc and change the Start-up property of the Terminal Service to Disabled Restart the computer. After restart, delete the file termsrv.dll from the following locations C:\windows\sytem32\ C:\windows\system32\dllcache C:\windows\ServicePacks\x86 Copy the termsrv.dll file from...
Read more