Exporting a Certificate and Key from Windows Certificate Store
Here are the steps (gleaned from <http://www.petefreitag.com/item/16.cfm>).
Run mmc:
- File → Add/Remove Snap-in...
- Add...
- Select Certificates, click Add (opens "Certificates snap-in")
- Pick Computer Account, click Next
- Pick Local Computer, click Finish
- Click Close
- Click OK
You should now have a Certificates item in the left side of the MMC window.
- Expand Certificates
- Expand Personal
- Select Certificates, which should bring up a list of one or more computer certificates on the right side
- Right click on the certificate whose key you want, and select All Tasks → Export...
The "Certificate Export Wizard" should now be open.
- Click Next
- Pick Yes, export the private key, click Next
- Pick Personal Information Exchange - PKCS #12 (.PFX), uncheck Enable strong protection..., click Next
- Enter and confirm a passphrase (this is for short-term use: just exporting the key), click Next
- Choose a file name for exporting (e.g., key, extension will be .pfx), and give the path of your filter's SSL folder (e.g., ...\Program Files\IISCosign\SSL\), select Next
- Click Finish, and a pop-up should say The export was successful.
Finished with MMC, you can close it (no need to save changes).
You now have the certificate and key in the file key.pfx.
The filter needs each in a separate file, in PEM format, and unencrypted.
From a CMD window:
cd \Program Files\IISCosign\SSL
[Export the key from PKCS #12 to PEM format (this will prompt for another short-term passphrase)]
..\openssl pkcs12 -in key.pfx -nocerts -out key.pem
[Export the certificate from PKCS #12 to PEM format]
..\openssl pkcs12 -in key.pfx -clcerts -nokeys -out cert.pem
[Remove the passphrase from the key]
..\openssl rsa -in key.pem -out server.key
The files server.key and cert.pem are what you want (the config file entries PrivateKeyFilePath and ChainFilePath are what point to them).
You can delete key.pfx and key.pem.
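A check worth running before deleting the intermediate files, as an added example that is not part of the original instructions: it confirms that server.key is unencrypted, that cert.pem holds no key material, and that the key actually belongs to the certificate. It assumes it is run from the SSL folder with openssl one directory up, as in the commands above, and that the key is RSA (as the openssl rsa step implies); the script name is up to you.

```batch
@echo off
rem Added example: verify the exported files, then remove the intermediates.
rem Assumes the current directory is the filter's SSL folder.
setlocal

rem 1. server.key must exist and must not be passphrase-protected.
rem    Encrypted PEM keys carry the word ENCRYPTED in their header lines.
if not exist server.key (
  echo FAIL: server.key not found
  exit /b 1
)
findstr /c:"ENCRYPTED" server.key >nul
if not errorlevel 1 (
  echo FAIL: server.key is still encrypted
  exit /b 1
)

rem 2. cert.pem must hold a certificate and no private key.
findstr /c:"BEGIN CERTIFICATE" cert.pem >nul
if errorlevel 1 (
  echo FAIL: no certificate found in cert.pem
  exit /b 1
)
findstr /c:"PRIVATE KEY" cert.pem >nul
if not errorlevel 1 (
  echo FAIL: cert.pem contains a private key
  exit /b 1
)

rem 3. The key must match the certificate: compare the RSA moduli.
set "CERTMOD="
set "KEYMOD="
for /f "delims=" %%m in ('..\openssl x509 -noout -modulus -in cert.pem') do set "CERTMOD=%%m"
for /f "delims=" %%m in ('..\openssl rsa -noout -modulus -in server.key') do set "KEYMOD=%%m"
if not defined CERTMOD ( echo FAIL: could not read cert.pem & exit /b 1 )
if not defined KEYMOD ( echo FAIL: could not read server.key & exit /b 1 )
if not "%CERTMOD%"=="%KEYMOD%" (
  echo FAIL: server.key does not match cert.pem
  exit /b 1
)

rem 4. Only now delete the intermediates, which also contain the private key.
del key.pfx key.pem
echo OK: server.key and cert.pem verified, key.pfx and key.pem deleted
```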