Koozali.org formerly Contribs.org

HOWTO Migrate SSL from Windows to SME

HOWTO Migrate SSL from Windows to SME
« on: October 28, 2010, 03:31:07 AM »
I have a customer who has a free SSL from StartCom on a Windows SBS2008 Server.

StartCom give out free SSL only certificates which are IE and Mozilla compatible. There is no catch except the cert is only good for HTTPS.

They want to test if it is possible to migrate their small business to SME, so here is how to migrate the SSL part without having to reapply and go through lots of hoops to get a new certificate they already have.

http://rackerhacker.com/2007/03/23/exporting-ssl-certificates-from-windows-to-linux/

This process leaves you with the two files, .key and .crt. Do not use the last three steps to import the certs to Apache, instead, follow the Commercial Certificates subsection of this document:

http://wiki.contribs.org/Certificates_Concepts#Commercial_certificates

Once the server is restarted, you can test the certificates, without disrupting the customers site, from a Windows workstation by:

Adding the FQDN and internal IP Address of the SME server to the file c:\windows\system32\drivers\etc\hosts in the same format as the sample in the file.

Ping the FQDN of the SME server (the public FQDN, not hte local one) to test it resolves correctly to the new SME server's internal IP address.

Then open a web browser to the SME server using HTTPS.

The address bar of the browser should correctly display the certificates acceptance instead of the usual "Do you want to accept this untrusted site..." message.

I Googled this for a while and found lots of long winded way to do this, but these are the only steps that are needed for this to work.

Cheers


Gund