Friday, August 27, 2010

Convert an IIS cert to an apache one

Here is a simple powershell script I wrote to convert a "iis" cert to one that apache is happy with to use with SSL:

####################################################


#convert IIS certs to openSSL ones for Apache to use
# openssl is installed with Apache by default.
#
#created May 24, 2010
#Bryan Loveless 
#
#

Write-host "This script assumes you have openssl installed in the C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin Directory 
And your certs are in the C:\Program Files (x86)\Apache Software Foundation\Apache2.2\certs Directory"


####################################################

Set-Location "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin"

$OrgCert=Read-Host "What is the name of your cert? (Include the .pfx)"

$NewCert= Read-Host "What do you want to name the new one? (Include the .pem) Normally it is apache.key.pem"

$NewKey= Read-Host "What do you want to name the new one? (Include the .key) Normally it is apache.key"

$newkey2= Read-Host "What do you want to name the new one? (Include the .pem) Normally it is apache.cert.pem"

#PS C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin> 

.\openssl.exe pkcs12 -in ..\certs\$OrgCert -nocerts -out ..\certs\$NewCert -nodes

#Enter Import Password:
#MAC verified OK
#Enter PEM pass phrase:
#Verifying - Enter PEM pass phrase:

#PS C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin> 
.\openssl.exe pkcs12 -in ..\certs\$OrgCert -clcerts -nokeys -out $newkey2
#Enter Import Password:
#PS C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin> 
.\openssl.exe rsa -in ..\certs\$NewCert -out ..\certs\$NewKey
#Enter pass phrase for ..\certs\apache.key.pem:
#writing RSA key
 for converting the chain 
#OpenSSL Convert P7B
#
#Convert P7B to PEM
#
#openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
#
#Convert P7B to PFX
#
#openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
#
#openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer
#OpenSSL Convert PFX
#
#Convert PFX to PEM
#
#openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

No comments:

Post a Comment