I've found some tutorials about transferring SSL from Windows to Linux server such as this one here: https://major.io/2007/03/23/exporting-ssl-certificates-from-windows-to-linux/. But is it possible to do something like this in shared hosting because in shared hosting Apache configuration may not be allowed?
Well it is possible to transfer an SSL certificate from a Windows (IIS) environment to a Linux (Apache) environment. Within a shared hosting environment, (at least the majority of them) it will not be possible to install the SSL certificate to the hosting account without the help of your hosting provider. The SSL installation requires an IP be allocated to your domain within the server's configuration, unless deployed with SNI, and a VirtualHost entry routing requested to port 443 (TLS/SSL) for your domain on that IP will have to be created. Needless to say these configurations affect the server as a whole and are chargeable services so most providers will not provide you direct access to do this. If your provider uses Plesk or cPanel or Vdeck then this is the case.
That being said it is well worth the money to have your hosting provider complete this configuration for you and the related services are generally pretty cheap. Most providers will average around $20.00 per year for all the services required to have your SSL function on their servers.
I would request information from your provider regarding the installation to see if it is the right solution for you.
As a note Windows (IIS) SSL certificates are commonly PKCS#12/PFX Formated. The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys. Linux (Apache) will use PEM formatted certificates.The PEM format is the most common format that Certificate Authorities issue certificates in. PEM certificates usually have extentions such as .pem, .crt, .cer, and .key. They are Base64 encoded ASCII files and contain "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" statements. Server certificates, intermediate certificates, and private keys can all be put into the PEM format.
Apache and other similar servers use PEM format certificates. Several PEM certificates, and even the private key, can be included in one file, one below the other, but most platforms, such as Apache, expect the certificates and private key to be in separate files.
I would not bother with the conversion prior to contacting your hosting provider as they can obtain the PKCS#12/PFX certificate from you and then covert it when installing it on the server. You should only have to provide the PKCS#12/PFX formatted certificate.
Well instead of transferring the certificates its easy to reissue the SSL after you have migrated to another hosting platform.
In Shared hosting, you won't have access to the webserver (IIS and Apache) to export and import SSL Certificates. For that, you will have to contact your hosting service provider to transfer the SSL Certificate.
Recently, I've moved SSL Certificate from my Windows VPS to Linux VPS with the help of the following article.
https://www.sslsupportdesk.com/move-certificate-iis-apache/
I am sure that the above link will be helpful if you want to move the SSL Certificate from Windows VPS to Linux VPS.
Related
I have a webapp server based on nodejs installed on Windows Server 2016. I want to install an SSL Certificate on such server. I've generated a free SSL from Cloudflare but it downloaded a DER file. The person responsible for configuring the Webserver said he needs a .pfx and a passphrase in order to install the SSL Certificate. Is there a way to convert .der to .pfx with a passphrase, or is there any other way to do that for free or buy one at a very low cost,
Thanks in advance!
If you need a custom SSL certificate for you server, consider obtaining it directly from Let's Encrypt https://letsencrypt.org/.
Alternatively, you can use Cloudflare as a reverse proxy on top of your Node.js server that will add SSL automatically without a need to configure anything (other than creating a DNS record and checking "Cloudflare Proxy" (orange) checkbox. Then in your server settings, you would just configure firewall rules to allow connections only from Cloudflare IPs that can be found here — https://www.cloudflare.com/ips/.
I have a windows server 2012 with a SSL Certificate running in IIS.
I have a Node JS app deployed on that server too, i'm using pm2 to manage this project, but, I need to use this project with https too.
How I can do this?
Previously I tried to re-key the certificate with Open SSL following the steps of this link:
Setting up real SSL with Node JS
Everything is ok, but when I re-key the certificate with the .csr generated by openSSL, my certificate on IIS stop working.
How can I achieve this?
I'm using GoDaddy for the SSL certificate.
Thanks in advance.
So you're essentially trying to use the same certificate on two different web servers? Presumably they serve to different domains? (e.g. a.mydomain.com, b.mydomain,.com).
If their base domain is the same you can look into getting a certificate issued that has a wildcarded domain (*.mydomain.com). If your registrar doesn't support this, or if your domains are totally different and not related, then you need two different certificates.
My web application uses Tomcat7 for hosting web pages and NodeJS for WebRTC. Each of them has a different IP. We've already set up the ssl certificate of Tomcat. My question is can I use the signed certificate of Tomcat in the NodeJS server?
Yes! you can use the installed certificate on your tomcat and NodeJS server.
But, you need to be clear with your common name as there are many different types of certificate available like wildcard ssl, which supports all the sub-domains for a single domain name, multi-domain certificate, which support multiple domain names on a single certificate.
Certificate feasibility depends on your types of certificate, which you can export from apache keystore and import on NodeJS server.
http://nodejs.org/api/tls.html - The following articles will help you for the installation of export certificate from apache to NodeJS server.
i am having issue in configuring SSL on cloud app. i do the following steps in sequence
generate create certificate request from VM hosted on azure enviroment
a text file with CSR hash is created.
i send the hash to certificate issuing authority and i upload the new release in
the mean while on cloud
certificate issing authority send me 4 files with crt extension.
i import the .crt file in certificate manager console (certmgr.msc)
export the file in cer format.
update web role properties in VS 2012. add certificate and update endpoints.
upload cer file on cloud
publish the package and update the package on cloud.
update is not completed becasue of
certificate with thumbprint associated with HTTPS input endpoint https does not contain private key
can any one help me out how i configure SSL on cloud app.
regards,
Zeeshan
As Gaurav mentioned, in step 6, you want to export the certificate and include private key. This will generate a .PFX file and ask you to provide a password.
Furthermore, when you have the .PFX file - you will want to take care as to where you upload it to. Make sure that you upload it to Certificates area under the Web Role - the portal should ask you for a password to the .PFX file.
Management Certificates area that expects .CER files is not the right place to upload SSL certificates to. I am guessing it is likely where uploaded the .CER file from step 6
I followed the following step process when I was setting up SSL in Azure using GoDaddy as CA:
Create a Certificate Signing Request (CSR) on the web server (local IIS, not Azure)
Send CSR to CA (Certificate Authority – GoDaddy) and specify alternative domain names (if you've paid for that possibility)
Download certificate from CA
Import certificate to web server (local IIS, not Azure)
Import the intermediate certificates from CA into local computer (where you have IIS)
Export the certificate as PFX file from IIS and give it a password
Import PFX file into Azure together with password
Bind configured domain names to the certificate in Azure
There are a few different ways to create the CSR file. I used IIS Manager on my local developer computer.
You can read an extended version of the list here where all the steps are more thoroughly explained.
Have you checked the requirements for uploading and using certificate on windows azure?
The requirements is:
You need to include a certificate that must have a minumium of 2048 bit in keysize.
The certificate must be exported with Personal Information Exchange.
When creating the cerificate your subject name must match the domain name of you cloud service.
You have to include a private key.
This question will be easy for those who work in cloud services or for those who having some good knowledge about windows azure.
I have a ssl certificate specified its thumbprint and other details in configuration file. When my package is deployed in the cloud service, the certificate doesn't get grouped under trusted certificate group.Insted it gets grouped under intermediate certificate group in all the instances. Because of this I am getting some certificate issue while accessing a site.
On googling I could find from the microsoft blog, that all the certificates from trusted sources will be grouped under trusted certificates in the azure cloud service virtual machines. But here it is not doing so..
Any ideas on this?
Any comments would be really appreciated..
When deploying certificates to an Azure cloud instance, you may have to include more than jus the SSL certificate to secure the domain. You may also have to list any intermediate certificates, as well as the root certificate. Have a look at this article that describes how to confiugre chained certificates for Azure and let me know if it helps at all.
http://blogs.msdn.com/b/azuredevsupport/archive/2010/02/24/how-to-install-a-chained-ssl-certificate.aspx
This was due to an os upgrade from Microsoft. It was fixed by them and now this seems to be working perfect..
For more: visit http://msdn.microsoft.com/en-us/library/windowsazure/ee924680.aspx