Tyler Roy
asked on
Exporting a UCC SSL to a Windows/Apache Web Server and Configuring Apache to use
I have several different servers running web applications using a UCC SSL from GoDaddy (multiple SANs). These are all Windows servers running IIS (an ERP and MS Exchange). I need to export this same certificate to a Windows Server running Apache that functions as an intranet web server. I am having major issues with this process. I have been able to export the PFX package from the Windows Server, then extract the server.crt and server.key as well as the root certificate keys in a text file. I then separate each part and create individual files. This part works perfectly. I then add the files to an area on the Windows Apache server, and edit the httpd-ssl and httpd-xampp files to include the SSL files. After this, I stop the Apache service and try to restart it. It fails to start. Only if I revert the httpd-ssl and httpd-xampp files does the Apache service start up again normally.
As a separate test attempt, I created a self-signed certificate on the Windows/Apache server and set up the conf files accordingly. The Apache services restarted fine in this attempt, and the website loaded. However, the website loaded with a warning that the SSL was invalid.
I do not care if the SSL that has to be used is the GoDaddy UCC SSL or a self-signed certificate. It is strictly for internal intranet use.
Can someone please help me through either one of these processes so I can get a properly working SSL on this website? Thank you!
Hi Tyler Roy,
Please check this. This is a similar discussion with steps.
https://www.experts-exchange.com//questions/29164456/SSL-Certificate-on-Apache-Windows-OS.html
Better to use https://LetsEncrypt.org certs, so you can generate them once + then do hands free renewals forever.
1) To generate a cert...
certbot certonly --no-self-upgrade --non-interactive --rsa-key-size 4096 --email $email --agree-tos --webroot -w $dir -d $domain -d www.$domain
2) To hands-free auto renew the cert forever, restarting any related services, use a CRON job...
0 1 * * * (echo '#####' && date && certbot renew --non-interactive --post-hook "service-bounce") >> /var/log/ssl-renewals.log 2>&1
Note: The "service-bounce" script collects together all soft reloads + hard restarts for all services which must ingest a new cert, when a cert renews.
3) For Windows, you'll use your equivalent of CRON (whatever you use).
4) You'll also change the service reload to reload/restart any service which must re-ingest a new cert when a renewal occurs.
@Tyler, mention if you still have challenges or this has been resolved.
Do you have all certificates to the basic root authority imported?
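The extraction step from the question and the chain question above, as an added example (not code from this thread): it splits the text dump of a PFX export into the key, the server certificate and the CA chain, and flags a passphrase-protected key or a missing chain before the files go into the Apache config. The `chain.crt` name, the function name and the sample input are assumptions; the sample bodies are constructed placeholders, not real key material.

```python
import re

# One PEM block; group 1 is the label, e.g. "CERTIFICATE" or "RSA PRIVATE KEY".
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def split_pfx_text(text):
    """Split a PFX-to-PEM text dump into key, server cert and chain.
    Assumption: the server (leaf) certificate is the first CERTIFICATE block
    and the CA certificates follow it. Confirm the order for your own export.
    """
    keys, certs, problems = [], [], []
    for m in PEM_RE.finditer(text):
        label, body = m.group(1), m.group(2)
        block = m.group(0).replace("\r\n", "\n") + "\n"  # "Bag Attributes" lines are dropped
        if label.endswith("PRIVATE KEY"):
            # PKCS#8 marks encryption in the label, legacy PEM in a Proc-Type header.
            if label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body:
                problems.append("private key is passphrase-protected")
            keys.append(block)
        elif label == "CERTIFICATE":
            certs.append(block)
    if len(keys) != 1:
        problems.append(f"expected 1 private key, found {len(keys)}")
    if not certs:
        problems.append("no certificate found")
    elif len(certs) == 1:
        problems.append("no CA certificates found for the chain file")
    return {"server.key": "".join(keys), "server.crt": certs[0] if certs else "",
            "chain.crt": "".join(certs[1:]), "problems": problems}  # chain.crt: hypothetical name

# Constructed sample input: placeholder bodies, not real certificates or keys.
SAMPLE = """Bag Attributes
    friendlyName: constructed-example
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END ENCRYPTED PRIVATE KEY-----
subject=CN = intranet.example.test
-----BEGIN CERTIFICATE-----
TEVBRg==
-----END CERTIFICATE-----
subject=CN = Constructed Intermediate CA
-----BEGIN CERTIFICATE-----
SU5URVJNRURJQVRF
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    result = split_pfx_text(SAMPLE)
    print({k: len(v) for k, v in result.items() if k != "problems"}, result["problems"])
```

An empty `problems` list only means the files are structurally plausible; it does not prove the key matches the certificate or that the chain reaches the root.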