FAQ

• How do I generate a CSR in IIS when I already have a certificate on my website?

To do this, first you must understand that IIS stores all the certificates for all of your websites in one central location, and 'removing' them from a website does not delete the certificate but simply un-assigns it from that site.
Thus, we can create a blank 'dummy' website and request and install the certificate there, then re-assign this new certificate to your current running website.

• Open the IIS control panel, and create a new, empty website. There does not need to be any content on this site, nor does it need to be live or active.
• Generate a CSR on this website - instructions are available on the Support section of this site.
• Submit the CSR to us normally.
• Once you receive the certificate, install it as per the instructions onto this 'blank' website.
• Right-click on your main website (the one you actually required the certificate for). Choose 'Properties', and click the 'Directory Security' tab. Click the 'Server Certificate' button.
• One of the options will be 'Assign an existing certificate'. Choose this, and you will be presented with a list of certificates - including the newly-installed one. Select this, and complete the wizard.
• Your site will seamlessly change over to use the new certificate.
• The 'blank' website can now be removed.



• How do I export a certificate from Microsoft IIS?
• Click 'Start', choose 'Run'. Type 'mmc', press 'OK'.
• In the MMC console, click the 'File' menu, and choose 'Add/Remove Snap-In'.
• Click the 'Add' button, then select 'Certificates' from the list and click 'Add'.
• From the next menu, select 'Computer account'. Click 'Next', select 'Local computer' then click 'Finish'. Click 'Close' then 'OK'. You will be back at the main MMC console.
• Expand the tree 'Certificates (Local Computer)' and click the 'Personal' sub-folder.
• Locate the certificate you wish to export. Right-click the certificate, choose 'All Tasks' > 'Export'. A wizard will begin.
• Click 'Next'. Choose 'Yes, export the private key'. Click 'Next'. Note: if this option is unavailable, the key cannot be exported. You will need to generate a new request and install a new certificate before it can be exported.
• Select 'Personal Information Exchange - PKCS #12 (.PFX)'. Make sure the only checked box is 'Include all certificates in the certification path if possible'. Click 'Next'.
• Enter a password twice. This is the password to protect the file and is needed to import the certificate later. Click 'Next'.
• Choose a location and filename for the exported file. Click 'Next'.
• Click 'Finish'. The wizard will complete and export the certificate and key to the location specified.



• How do I move a certificate (and key) from IIS to Apache?

Firstly, you'll need to export the certificate and key from IIS, following the directions in this FAQ above.
Secondly, you'll need to copy the PFX file to the Apache server. You will need the open-source OpenSSL tool installed (commonly by default on *nix platforms, and available freely for Windows).
In the same directory as the PFX file you copied, use the following command, replacing the filename of your PFX file where needed:



openssl pkcs12 -in  -out pfxoutput.txt -nodes

Now you will have a single text file containing the private key and certificates. Open it and copy from the '-----BEGIN RSA PRIVATE KEY-----' line to the '-----END RSA PRIVATE KEY-----' line into another file - mykey.key. The rest of the file can be copied into mycert.crt.
The two files can then be used in Apache.

For further assistance, please contact your dedicated account manager or our toll free support center at 888-386-2122.