Exporting web server certificates – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

ServerIron ADX Security Guide

143

53-1002440-03

Configuring SSL on a ServerIron ADX

6

MIIDKTCCApKgAwIBAgIRAJoKUHAGHghM4kW84LNXP1wwDQYJKoZIhvcNAQEFBQAw

ZDETMBEGCgmSJomT8ixkARkWA29yZzEYMBYGCgmSJomT8ixkARkWCGpvbmRhdmlz

MQ0wCwYDVQQKEwRUQU1VMREwDwYDVQQLEwhTZWN1cml0eTERMA8GA1UEAxMIVW5k

ZXJ0b3cwHhcNMDQwOTAyMTc1ODE3WhcNMDcwNzIzMTc1NzQxWjBkMRMwEQYKCZIm

iZPyLGQBGRYDb3JnMRgwFgYKCZImiZPyLGQBGRYIam9uZGF2aXMxDTALBgNVBAoT

BFRBTVUxETAPBgNVBAsTCFNlY3VyaXR5MREwDwYDVQQDEwhVbmRlcnRvdzCBnzAN

BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyk4jxC526rUPrkYC1pL+VobYp4B8yLEq

rzbYyL4G6g8OlQ5ZozfP8WHF0T9a7dr/2FmvzWNBka3mHgIUQQxVZcVe/4ALCSLU

tfHKaAWsgwzN+/86BFO6+/2ht2X0Yzo3laY69iGJAW1cNH/7DFE2sF42/EDk0VDb

mRU3cE4afOMCAwEAAaOB2jCB1zB3BgNVHR8EcDBuMGygaqBohwSsEAEFpDIwMDEu

MCwGA1UEAxMlb3U9U2VjdXJpdHksbz1UQU1VLGRjPWpvbmRhdmlzLGRjPW9yZ4Ys

aHR0cDovL3Njb3JwaW8uam9uZGF2aXMub3JnOjQ0Ny9VbmRlcnRvdy5jcmwwDgYD

VR0PAQH/BAQDAgGGMAwGA1UdEwQFMAMBAf8wHwYDVR0jBBgwFoAUnGfclktn1nNL

ICknzxZsbFThFoEwHQYDVR0OBBYEFJxn3JZLZ9ZzSyApJ88WbGxU4RaBMA0GCSqG

SIb3DQEBBQUAA4GBAIg8VKUyiGCrQ4Rn6fRKQs4S1Paf6SPot5AQ1cHK5IlFHkFF

nUYMwFdQZcBrfXMLLPZb1ih0MtfEogLSbS82atF8VfkhzUAKl4ke7lKA35jr22Us

KhYtqbwzWkjBu4z/ph10L21CDSSghW1ea75+6IVEa/ZyuvOaINL2wQYNlmps

-----END CERTIFICATE-----

Syntax: ssl gencsr <key-name>

The <key-name> variable is the key name that you want to use for the certificate request.

Exporting Web Server Certificates

You can export a Web Server Certificate from a Web server and install it on a ServerIronADX. This
section describes the procedures required to export Web server certificates from a Windows
Internet Information server (IIS), or and Apache server (UNIX).

Windows IIS
To export an existing Web server certificate to install on a ServerIronADX, follow these steps:

1. In the Run dialog box, type mmc, and click OK. The Microsoft Management Console (MMC)

appears.

2. If you do not have Certificate Manager installed in MMC, you need to install it. For more

information on how to add the Certificate snap-in to an MMC console, see the Microsoft link:
Install a Server Certificate.

3. In the console tree, click the logical store where the certificate you want to export exists. It is

usually in the Certificates folder in the Personal directory under Certificates (local computer)
on the console root.

4. Right-click the certificate you want to export and click All Tasks > Export to start the Certificate

Export Wizard.

5. Click Next.

6. On Export Private Key, click Yes to export the private key.

You must export the private key with your certificate for it to be valid on your target server.
Otherwise, you must request a new certificate for the target server.

7. In the Export File Format dialog box, choose.PFX. If the certificate has already been formatted,

that format is selected as the default. Click Next.

Do not select Delete the private key if export is successful, because this disables the SSL site
that corresponds to the private key.