
Importing an existing certificate into H-Sphere

To import a certificate that was installed on another computer, you will need both the private key and the certificate.  Most systems will not directly provide this information; for example, both Microsoft IIS and the ikeyman facility for IBM export the key and certificate in an encrypted PKCS12 format.  The open source program openssl can be used to read these files.

As an example, we will take you through the procedure to read the certificate from IIS.  Basic familiarity with IIS administration procedures is assumed here.  The procedure for other key managers should be similar, although the interface will be completely different.

  1. Open the IIS Administrator, and display the properties for the Web site.  Select the Directory Security tab and then click the View Certificate button.

  1. In the certificate properties, click on the Copy to File button to start the export wizard.

  1. Accept the defaults on the first three dialogs of the wizard.  Make sure that the private key IS NOT CHECKED TO BE DELETED after the export.

  1. The last three dialogs ask for a password to protect the exported certificate and the name of the file to export the certificate (and key) to.  The file will be created with a "pfx" extension; you should not specify an extension.

  1. To view the key and certificate, you will need to install an open-source tool available from SourceForge.  This tool is available for both Microsoft Windows and Linux.  The Web site for the tool is http://www.openssl.org.  Download the compiled program from SourceForge at:

http://gnuwin32.sourceforge.net/packages/openssl.htm

This is a command-line tool only.  Make sure that the program is in the path of executable commands (edit your startup script in Linux, or modify the environment through My Computer properties in Windows).

  1. Once the program is installed, use the following command (the file name cert.pfx is a placeholder for the file we exported the certificate to):

openssl pkcs12 -nodes -in cert.pfx -out cert.txt

The format of the exported certificate from Microsoft (and most other certificate managers) is pkcs12.  The -in and -out parameters define the source and output files (the output file will be plain text).  The -nodes option tells the program NOT to encrypt the private key (so you can get to it).  When the program runs, you will be prompted for the password that you entered in step 4 above.

  1. Log in to H-Sphere, launch the SSL manager by clicking on the control panel icon, and then edit the SSL properties for the site.

  1. Copy the Private Key and the Certificate to the second and third fields in the window (install completely new certificate key and file pair).  Include the lines -----BEGIN RSA PRIVATE KEY----- through -----END RSA PRIVATE KEY----- with the key, and -----BEGIN CERTIFICATE----- through -----END CERTIFICATE----- with the certificate.  Do not edit the text as you place it in the fields; leave the line breaks exactly as they are.  Ignore any other text in the file.  The key and certificate examples below have been shortened to save space (and protect this certificate):

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC1N2CrEEcF1jubxRVTVLyZfVBp+IgdE0zEi1UTk1TB+IVHP6ls
kpCYVvaaGvdmbRlTVQ9FNNCvkdxKW1+qCkxek0qRwLbS1TKivtaZ/9fGmG0OHzZz
 ...
RyWjt3v1tVYWRh4FgQJBALP0AWWQsX1P82OnQpl8ZLn3Zohr8aFWu8dEG/aj8LMK
ytD9OxDFc0mF54zcP9ksNOQrP4KgQyhbyVG1Xjh14eE=
-----END RSA PRIVATE KEY-----


-----BEGIN CERTIFICATE-----
MIIDfTCCAuagAwIBAgIDPf+NMA0GCSqGSIb3DQEBBAUAMIHEMQswCQYDVQQGEwJa
QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAb
...
21K63ByyBFbNliCERCa22OujdLFaVaDKOvc8l3EQTAod2j++hFeQLD2uAJRk6xEH
VyQTuzFxoRXyHANQebIBHk3oGfSYEaKIbev9ZatTSi6T
-----END CERTIFICATE-----

  1. Back up the private key and certificate in a safe place and protect them.  If you have the certificate code (basically a request number) and password from the original request, you should save that information with the key and certificate.  You will need the certificate code and the password to renew the certificate when it expires.

This completes the procedure to move an existing certificate into H-Sphere.
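
The following Python sketch is an added example, not part of the original page or of H-Sphere. It pulls the private key and certificate blocks out of the text file written by the openssl command above, drops the surrounding text, and rejects blocks that do not decode cleanly. The function names, the acceptance of a "PRIVATE KEY" label, and the sample input (constructed filler data, not a real key) are assumptions.

```python
import base64
import re

# One PEM block; the label on the BEGIN and END lines must agree.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
# Assumption: newer openssl builds label the unencrypted key "PRIVATE KEY".
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY"}


def split_pkcs12_text(text):
    """Return (key_pem, [cert_pem, ...]) from `openssl pkcs12 -nodes` output.

    Text outside the BEGIN/END markers (Bag Attributes, subject=, issuer=)
    is dropped; each block is returned unmodified, line breaks included.
    """
    keys, certs = [], []
    for m in PEM_RE.finditer(text):
        label, body = m.group(1), m.group(2)
        # Strict decode rejects blocks that were truncated or hand-edited.
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der or der[0] != 0x30:  # keys and certs are ASN.1 SEQUENCEs
            raise ValueError(f"{label}: body is not DER")
        if label in KEY_LABELS:
            keys.append(m.group(0))
        elif label == "CERTIFICATE":
            certs.append(m.group(0))
    if len(keys) != 1:
        raise ValueError(f"expected 1 unencrypted private key, found {len(keys)}")
    if not certs:
        raise ValueError("no certificate block found")
    return keys[0], certs


def make_pem(label, der):
    """Wrap bytes in PEM armor with 64-character lines (sample data only)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"])


# Constructed sample: filler bytes, not a real key or certificate.
SAMPLE = (
    "Bag Attributes\n    localKeyID: 01 00 00 00\nKey Attributes: <No Attributes>\n"
    + make_pem("RSA PRIVATE KEY", b"\x30\x82" + bytes(range(100))) + "\n"
    + "Bag Attributes\n    localKeyID: 01 00 00 00\n"
    + "subject=/CN=www.example.com\nissuer=/CN=Example CA\n"
    + make_pem("CERTIFICATE", b"\x30\x82" + bytes(range(120))) + "\n"
)

if __name__ == "__main__":
    key, certs = split_pkcs12_text(SAMPLE)
    print(key, certs[0], sep="\n\n")
```

If the export was run without -nodes, the key block is encrypted and the function raises instead of returning text that the control panel cannot use.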


Copyright © 2004 Smallrock Internet Services, Inc. All rights reserved.