We've got a Windows Server 2008 R2 Datacenter machine running as an EC2 instance at Amazon. We've always used and still use the IIS Certificates Manager to generate our certificates as SHA-1 2048bit. Recently we've had a client ask us to install an SHA256bit 2048 key. Well, IIS Cert Mgr doesn't do SHA256 so I've used OpenSSL-Win64 to produce a couple of files with this command:
openssl req -nodes -sha256 -newkey rsa:2048 -keyout C:\SSL\mysite2015-09-29_private.key -out C:\SSL\mysite2015-09-29.csr
Which produces two files:
When opened in Notepad++ the files begin and end with -----BEGIN PRIVATE KEY----- / -----END PRIVATE KEY----- and -----BEGIN CERTIFICATE REQUEST----- / -----END CERTIFICATE REQUEST----- repectively.
I have forwarded the .CSR file on to the client for them to register the thing with their favorite certificate authority. I have no idea what to do next.
Do I need to somehow install the private.key into Certificate Manager. There are a million different formats it seems, do I need to use a different format and how would I go about changing the format? Also, because we'll be using a load balancer at some point I'll be needing the private key in .PEM format. How do I do that conversion? Do I need to install some sort of SSL handler to deal with the SHA256 or can IIS7.5 do that? If so what does that mean for the other 8 certs we've already got installed?