Monday, July 13, 2009

Tutorial Of The Day: Moving SSL Certs from IIS to Apache

One of my clients is migrating from a Windows hosting provider we're unimpressed with (slow with tech support and offering a very limited feature set) to a flexible Linux provider, and I needed to port over the SSL certificate.

To my surprise, and joy, the Windows hosting people didn't look at me like I was crazy when I asked for our certificate with the intention of migrating servers. Instead, they provided me with a .pfx file.

Great, now what the heck do I do with a .pfx file? I opened it up and found binary gibberish. Turns out, there's an excellent tutorial on exactly this topic. I followed the steps there and ended up with a certificate file (cert.pem) and a private key (server.key). I then plugged them into my virtual host definition as:

<VirtualHost *:443>
    ServerName host.domain.com:443
    RewriteEngine On
    DocumentRoot /var/www/vhosts/host.domain.com
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/cert.pem
    SSLCertificateKeyFile /etc/pki/tls/private/server.key
</VirtualHost>

With the above configuration in place, and a restart of Apache, the certificate was served up just like I expected and I was off and running.
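
The post leaves the conversion step to the linked tutorial. As an added example (not the author's or the tutorial's commands), this is one way to split a .pfx with the OpenSSL command line into the cert.pem and server.key named above and to confirm that the key belongs to the certificate before pointing Apache at them. The function names, the sample bundle and its password are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: split a PKCS#12 (.pfx) bundle into cert.pem and server.key,
# then check that the two belong together. Function names are illustrative.

# pfx_to_pem <bundle.pfx> <passin-spec> <outdir>
# <passin-spec> uses OpenSSL's own syntax, e.g. file:/root/pfx.pass. The
# pass:... form is visible in the process list and is used only for the demo.
pfx_to_pem() (
    umask 077   # the key file must never be group- or world-readable
    # Leaf certificate only (-clcerts), no key material (-nokeys).
    openssl pkcs12 -in "$1" -passin "$2" -clcerts -nokeys |
        openssl x509 -out "$3/cert.pem" &&
    # Private key only (-nocerts), written unencrypted (-nodes) so Apache can
    # start unattended; file permissions are then its only protection.
    openssl pkcs12 -in "$1" -passin "$2" -nocerts -nodes |
        openssl pkey -out "$3/server.key" &&
    chmod 600 "$3/server.key"
)

# key_matches_cert <cert.pem> <server.key>
# True only if both files parse and carry the same public key.
key_matches_cert() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# make_sample_pfx <dir> <passout-spec>
# Constructed input: a throwaway self-signed certificate packed as bundle.pfx.
make_sample_pfx() (
    cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=host.domain.com" -keyout orig.key -out orig.crt 2>/dev/null &&
    openssl pkcs12 -export -inkey orig.key -in orig.crt -passout "$2" -out bundle.pfx
)

# Demo on the constructed bundle, in a scratch directory that is removed afterwards.
demo() {
    d=$(mktemp -d) && make_sample_pfx "$d" pass:constructed &&
    pfx_to_pem "$d/bundle.pfx" pass:constructed "$d" &&
    key_matches_cert "$d/cert.pem" "$d/server.key" && echo "key matches certificate"
    rm -rf "$d"
}
demo
```

Bundles exported by older Windows servers often use legacy PKCS#12 algorithms, so with OpenSSL 3.x the `pkcs12` commands may need `-legacy` added to read them.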

1 comment:

  1. This is great to see the movement of the SSL certs from IIS to Apache. So this is really a nice post from the learning point of view.
