How to convert an IIS SSL certificate for Apache?


1.    Export the certificate as a PFX file with its private key. Follow the steps below:
  • Open Microsoft Management Console by entering "MMC.EXE" in Run.
  • Click File, then Add/Remove Snap-in.

  • In the new window, select Certificates and click Add.

  • Select Computer account -> Local computer and click Finish. Then click OK.
  • Now expand Certificates and navigate to "Personal" or "Web Hosting", depending on the location you chose when installing the SSL certificate. There you will find the SSL certificate installed in IIS.

  • Right-click the certificate -> All Tasks -> Export. The "Certificate Export Wizard" opens; click Next to continue. You will be given two options; you must choose the first one, "Yes, export the private key".

 

Note: If the option to export with the private key is grayed out and you are using a Let's Encrypt certificate, follow these steps to get the PFX file: https://rdr-it.com/en/lets-encrypt-generate-a-pfx-with-iis/

Also, if you are using a Let's Encrypt certificate, the Java JDK installed on the upload manager server must be at least version 1.8.0.101 and must be in the 1.8 series. Java JDK 1.9 or higher won't work with eMAM upload manager. If you install a new JDK, make sure you uninstall the old JDK and reinstall the eMAM upload manager. After that, associate the right user with the service.

  • Click Next with the default options and, on the Security tab, provide a password. Remember it, as this password is needed when converting the SSL certificate.

  • Click Next and save the certificate in a location. The exported file will be in a .pfx (Personal Information Exchange) format. Click on the Finish button to complete the export process.
2.    Now let’s convert the exported PFX certificate into JKS. Follow the below steps:
  • Open Command Prompt and CD to the following location "C:\Program Files\Java\jdk\bin".
  • If the path does not exist, go manually to the bin folder inside JAVA\JDK. Make sure "keytool.exe" exists inside the bin folder. Now, execute the following command.

keytool -importkeystore -srckeystore C:\Users\Administrator\Desktop\test\ourdomain.pfx -srcstoretype pkcs12 -destkeystore C:\Users\Administrator\Desktop\test\eMAMUploadManager.jks -deststoretype JKS


  • Replace the input and output paths in the above command. Make sure there are no unwanted spaces in the command and that it is pasted in full into the command prompt. The chance of an error when executing this command is high, so double-check it for extra spaces, unwanted dots (even in the file name, like "mydomain.com.pfx") or other mistakes.

  • A completely copied command will look similar to the above screen grab. Now press Enter to execute the command. It will ask for the destination keystore password, then ask you to re-enter the new password; input the same password. Then it will ask for the source keystore password, which is the password specified during the export process. (The passwords can be the same.) A successfully executed command will look similar to the following screen grab.

  • This command will create a Java Key Store file (eMAMUploadManager.jks) in the output location. 

 

3.    Verify the existence of the JKS in the output location and follow the below steps:

  • Copy and paste the JKS file inside the following directory based on the eMAM version. 

eMAM 3.8 - C:\Program Files\Empress Media\eMAM Gateway\eMAMUploadManager

eMAM 5.1 and above - C:\Program Files\Empress Media\eMAM Ingest Manager\eMAMUploadManager


  • In the same "eMAMUploadManager" folder, you can see a "conf" folder. Inside that folder, edit server.xml file and find the following tag:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

Uncomment this tag and replace it with the following tag:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="${user.dir}/eMAMUploadManager.jks" keystorePass="Enter KeyStore password here" />


Please use the screenshot below for reference.

Note: The keystore file path may need to be changed for eMAM 5.0 in the server.xml file.

  • Save the server.xml file after making the changes.
4. Restart the eMAMUploadManager service for the changes to take effect. Follow the steps below:
  • Open Services by entering "services.msc" in Run.
  • In the Services window, scroll down and find eMAMUploadManager.
  • Right-click the service and choose Restart.
  • The default port of Apache over SSL is 8443. Make sure the port is open to the server, then open the uploader URL with https in the browser to confirm that the uploader is working:

https://yourdomainname:8443/eMAMUploadManager/EMAMUploader 

Replace the dummy domain name in the above URL with the actual domain name. Once you get the "eMAM Upload Manager is running successfully" response message in the browser, change the eMAM Uploader key under App settings in the web.config XML configuration file of eMAM Director to the above URL.
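
A check script for steps 2 to 4, added here as an example; it is not part of the original article or of eMAM's tooling. It assumes the eMAM 5.1 folder and the JDK path used above, a keytool that prints English output, and a hypothetical helper name, Test-UploadManagerConnector.

```powershell
# Added example. Paths follow this article (eMAM 5.1 and above); adjust for your install.
$keytool   = 'C:\Program Files\Java\jdk\bin\keytool.exe'
$umDir     = 'C:\Program Files\Empress Media\eMAM Ingest Manager\eMAMUploadManager'
$jks       = Join-Path $umDir 'eMAMUploadManager.jks'
$serverXml = Join-Path $umDir 'conf\server.xml'

# Hypothetical helper: returns a list of problems found in the 8443 Connector.
function Test-UploadManagerConnector {
    param([string]$XmlText)
    $doc = [xml]$XmlText
    # A Connector still inside <!-- --> is a comment node, so XPath will not find it.
    $c = $doc.SelectSingleNode("//Connector[@port='8443']")
    if (-not $c) { return @('No active Connector on port 8443 (still commented out?)') }
    $problems = @()
    if ($c.GetAttribute('SSLEnabled') -ne 'true') { $problems += 'SSLEnabled is not "true"' }
    if (-not $c.GetAttribute('keystoreFile'))     { $problems += 'keystoreFile is not set' }
    $pass = $c.GetAttribute('keystorePass')
    if (-not $pass -or $pass -eq 'Enter KeyStore password here') {
        $problems += 'keystorePass is empty or still the placeholder text'
    }
    return $problems
}

# 1. The JKS must hold a private key entry, not only a certificate.
#    keytool prompts for the keystore password; the matched text assumes an English locale.
$listing = & $keytool -list -v -keystore $jks -storetype JKS
if ($listing -match 'Entry type: PrivateKeyEntry') {
    $listing -match '^(Alias name|Owner|Valid from):'   # alias, subject and validity dates
} else {
    Write-Warning 'No PrivateKeyEntry listed: re-export the PFX with "Yes, export the private key".'
}

# 2. The Connector in server.xml must be active and carry the real keystore settings.
$problems = @(Test-UploadManagerConnector (Get-Content $serverXml -Raw))
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else           { 'Connector settings look complete.' }

# 3. server.xml stores keystorePass in clear text: review who can read both files.
Get-Acl $jks, $serverXml | Format-List Path, AccessToString

# 4. After restarting the eMAMUploadManager service, confirm the port answers.
#    Replace the dummy host name, as in the URL above.
Test-NetConnection -ComputerName 'yourdomainname' -Port 8443
```

Run it from an elevated PowerShell window on the upload manager server; remove the exported .pfx and any copy of the .jks left in the export folder once the service works.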



If you face any issues, please contact eMAM Support at support@emamonline.com for further assistance.

