You are here

How to import SSL certificate and private key from IIS

Question:
I have my SSL key and certificate in a Microsoft Internet Information Server (IIS). How can I copy this key/certificate into Airlock?

Answer:

  • Export your certificate from IIS including the private key according to the following Microsoft article: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/2cfeeba2-511f-47e8-913c-f196b74e6a44.mspx?mfr=true
  • Apply the option 'Include All Certificates in the certification path', but do not check 'Enable strong protection' (see Screenshot).
  • The resulting file is in PKCS#12 format, let's name it iis.pfx.
  • Copy the file to Airlock (from a *nix system or your Windows desktop, e.g. using WinSCP):
    scp root@airlock:/tmp/iis.pfx
  • Login to Airlock and extract the private key in pem format:
    ssh root@airlock
    openssl pkcs12 -in /tmp/iis.pfx
    You will be asked for the private key password (entered when exporting) and a new password for the resulting output.
  • Copy the resulting shell output into a text editor. This contains the private key and the server certificate including the certificate chain.
  • Login to the Airlock Configuration Center as user "admin". Open the Virtual Host you want to use the certificate for.
  • The server certificate is at the beginning of your console output. Copy everything from
    -----BEGIN CERTIFICATE-----

    to
    -----END CERTIFICATE-----
    to the field Server Certificate.
  • Mark the part from
    -----BEGIN RSA PRIVATE KEY-----
    to
    -----END RSA PRIVATE KEY-----
    (including these markers) and copy it into the field Private Key.
  • Copy any certificates between the server certificate and the private key to the field Certificate Chain.
Knowledge Base Categories: