0

I used to host a website in my Linux Server. I bought a SSL certificate from GoDaddy, and https://www.example.com worked well for the site.

Today, I wanted to move the site from the Linux Server to Windows Server 2012 R2. I have done the configuration such that http://www.example.com points to the public IP of the Windows server and the site works.

Now, I need to bind a SSL certificate to the site to make https://www.example.com works.

I have met the same trouble as this page, pixelloa suggested use the MMC snapin to import the cert into PERSONAL, click it and grab the serial # line. Go to dos, run certutil -repairstore my "paste the serial 3 in here" (you need the quotes) then refresh MMC with personal certs. However, certutil made Select a smart card device window pop us, after selecting cancel, I got this:

enter image description here

So I am stuck here. Does anyone have any solution?

Maybe should I do something in the Linux Server before setting Windows Server? Do I have to buy another SSL certificate?

bobmagoo
  • 442
  • 2
  • 12
Tie
  • 223
  • 1
  • 2
  • 11

2 Answers2

3

It sounds like all you really need to do is to migrate a certificate from an Apache site to an IIS site. The instructions from Network Solutions (for Apache, but would be similar for nginx or any other webserver) will let you do that:

  1. Locate the certificate, intermediate and private key files on the Apache server. Run the following command, substituting the paths and filenames where needed. You will need to enter a password that you will need to remember later.

openssl pkcs12 -export -in certificate_file -inkey private_key_file -certfile intermediate_file -out CertificateAndKey.pfx

  1. Copy the resulting 'CertificateAndKey.pfx' file onto the IIS server.
  2. Click 'Start', choose 'Run'. Type 'mmc', press 'OK'.
  3. In the MMC console, click the 'File' menu, and choose 'Add/Remove Snap-In'.
  4. Click the 'Add' button, then select 'Certificates' from the list and click 'Add'.
  5. From the next menu, select 'Computer account'. Click 'Next', select 'Local computer' then click 'Finish'. Click 'Close' then 'OK'. You will be back at the main MMC console.
  6. Expand the tree 'Certificates (Local Computer)' and click the 'Personal' sub-folder. Right-click and choose 'All Tasks' > 'Import'.
  7. Follow the wizard through, selecting the default options. You will need the password from the second step. The certificate will now be imported and available to IIS.
  8. Load the IIS Management Console, right-click the website you require the certificate installed on, choose 'Properties' and 'Directory Security'.
  9. Click the 'Server Certificate' button, choosing 'Assign an existing certificate' from the options.
  10. Select the newly-imported certificate from the list. Complete the wizard.
  11. The certificate will be installed and working on the site. A restart of IIS may be required to complete the process.
kuttumiah
  • 107
  • 3
bobmagoo
  • 442
  • 2
  • 12
  • Thank you for this, I found this approach as well... But it did not work well, please see [this thread](http://serverfault.com/questions/811454/ssl-does-not-work-move-an-ssl-certificate-from-an-apache-server-to-a-windows-se). – Tie Oct 26 '16 at 16:23
1

You should be able to revoke the current certificate and ask your certificate provider to provide a new certificate for your new private key without any extra cost.

Tero Kilkanen
  • 34,499
  • 3
  • 38
  • 58