These instructions explain how to export an SSL certificate installed on a Microsoft server to a TotalView Host. The SSL certificate file is exported as a .crt and .key file and includes the intermediate certificate.
Background
The TotalView server requires the SSL certificate parts into two separate files: .crt and .key files. The .crt file contains the public key file (SSL certificate file), and the .key file contains the associated private key. You use your server to generate the associated private key file as part of the CSR. You need both the public and private keys for an SSL certificate to function.
Windows servers use .pfx files that contain the public key file (SSL certificate file) and the associated private key file. So, if transferring your SSL certificates from a Windows server to Apache, you need to export the certificate in an Apache compatible format, which splits the public (.crt) and private (.key) files.
Export Prerequisites
To export your certificate .crt file and its .key file for TotalView, the SSL certificate and its corresponding private key must be on the same computer/workstation. You may need to import the certificate to the computer that has the associated private key stored on it. (e.g., the laptop/desktop computer where you created the CSR) before you can successfully export the .crt and .key files.
For help importing the certificate, see SSL Certificate Importing Instructions: DigiCert Certificate Utility.
How to Export Your SSL Certificate w/Private Key Using the DigiCert Certificate Utility
- On your Windows Server from which you want to export the SSL certificate, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).
- Run the DigiCert® Certificate Utility for Windows (double-click DigiCertUtil).
- In the DigiCert Certificate Utility for Windows©, click SSL (gold lock), select the certificate that you want to export as a .pfx file, and then click Export Certificate.
- In the Certificate Export wizard, select Yes, export the private key, select key file (Apache compatible format), and then click Next.
- Note: If the Yes, export the private key option is grayed out (not unusable), the certificate's matching private key is not on that computer. This prevents you from being able to create the .key file for apache. To fix this problem, you will need to import the certificate to the same machine where the certificate's CSR was created. See Export Prerequisite.
In the File name box, click … to browse the location where you want to save your files.
- In the Save As window, browse for and select the location where you want to save your .key and .crt files.
- Provide a file name (i.e. your_domain_com.key) for your .key file, noting that your server .crt file will have the same name (i.e your_domain_com.crt).
- Click Save.
- In the Certificate Export wizard, click Finish. This exports the following files that you need to copy to your TotalView server:
Private Key: your_domain_com.key
Server Certificate: your_domain_com.crt
Intermediate Certificate: DigiCertCA.crt
- After you receive the "Your certificate and key have been successfully exported" message, click OK.
- Now copy the .crt and key file into the TotalView Home Directory and rename to server.key and server.crt replacing the existing files
- Stop and Restart the PathSolutions TotalView Service. Now the New Certificate should be working. Make sure you connect to the FQDN for the Certificate to work correctly