Prepare an IIS certificate for use with™

First, export the IIS certificate AND private key to a pfx file:

  1. Start the Internet Information Service
  2. Display the properties of the Web site.
  3. Click the Direct Security tab.
  4. Click View Certificate button.
    The Certificate is displayed.
  5. Click the Details tab.
  6. Click the Copy to File... button.
    The Certificate Export Wizard starts.
  7. Click the Next button.
    The Export Private Key page appears.
  8. Select Yes, export the private key, and click the Next button.
    The Export File Format page appears.
  9. Select Personal Information Exchange - PKCS #12 (PFX)
  10. Select Include all certificates in the certification path if possible
    IMPORTANT: ensure all other check boxes are NOT CHECKED, especially the one labeled "Delete the private key if the export is successful" - if the private key is deleted from this server, SSL operations on this server will cease.
  11. Click the Next button.
    Password page appears.
  12. Enter the password (if necessary).
  13. Click the Next button.
    File to Export page appears.
  14. Enter the file name.
  15. Click the Next button.
    Completing the Certificate Export Wizard page appears.
  16. Click the Finish button.
    The certificate is exported to the file specified, and "The export was successful" message appears.

Next, run the following OpenSSL commands from a command-line to extract the private key and certificate file from the pfx file created above (download openssl.exe here):

  1. Extract the private key file from the pfx file:
    C:\> openssl pkcs12 -in filename.pfx -nocerts -out key.pem
  2. Extract the certificate file from the pfx file:
    C:\> openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
  3. Remove the passphrase from the private key:
    C:\> openssl rsa -in key.pem -out server.key

Lastly, update the SSL configuration to reflect the full path and filenames of the certificate and private key created in the previous step:

  1. Go to "Edit Properties" -> "SSL" tab
  2. Enter the full path and file name of the certificate from step 2 above into the "Certificate File" field.
  3. Enter the full path and file name of the private key from step 3 above into the "Certificate Key File" field.
  4. Restart to load the new certificate and key files.