How to convert an IIS SSL certificate for Apache?

  • Open the Microsoft Management Console by entering the following command in Run: "MMC.EXE"
  • Click File, then Add/Remove Snap-in.
  • In the new window, select Certificates and click Add.
  • Select Computer account -> Local computer and click the Finish button. Then click the OK button.
  • Expand Certificates and navigate to "Personal" or "Web Hosting", depending on the location you chose when installing the SSL certificate. There you will find the SSL certificate installed in IIS.
  • Right-click the certificate -> All Tasks -> Export. The "Certificate Export Wizard" opens; click Next to continue. You are offered two options; you must choose the first one, "Yes, export the private key".

(Note: If the export-with-private-key option is grayed out and you are using a Let's Encrypt certificate, follow these steps to get the PFX file: https://rdr-it.com/en/lets-encrypt-generate-a-pfx-with-iis/
Also, if you are using a Let's Encrypt certificate, the Java JDK installed on the upload manager server must be version 1.8.0.101 at minimum and must be in the 1.8 series. Java JDK 1.9 or higher series won't work with eMAM upload manager.
If you are installing a new JDK, make sure you uninstall the old JDK and reinstall the eMAM upload manager. After that, associate the right user with the service.)
  • Click Next with the default options and, on the security tab, provide a password. Remember it, as this password is needed when converting the SSL certificate. In this guide we set it to "eM@M2014".
  • Click Next and save the certificate to a location. The exported file will be in .pfx (Personal Information Exchange) format. Click the Finish button to complete the export process.
  • Now open Command Prompt and change directory (cd) to the following location: "C:\Program Files\Java\jdk\bin"
  • If the path does not exist, browse manually to the bin folder inside JAVA\JDK. Make sure "keytool.exe" exists inside the bin folder. Now execute the following command.
 keytool -importkeystore -srckeystore C:\Users\Administrator\Desktop\test\ourdomain.pfx -srcstoretype pkcs12 -destkeystore C:\Users\Administrator\Desktop\test\eMAMUploadManager.jks -deststoretype JKS
  • Replace the input and output paths in the above command. Make sure there are no unwanted spaces in the command and that it is fully pasted into the command prompt. The chance of getting an error while executing this command is high, so double-check it for extra spaces, unwanted dots (even in the file name, like "mydomain.com.pfx") or other mistakes.
  • A completely copied command will look similar to the above screen grab. Now press Enter to execute the command. It will ask for the destination keystore password. Give the password as "eM@M2014". It will then ask you to re-enter the new password. Input the same password. Then it will ask for the source keystore password. This is the password specified during the export process, "eM@M2014". So all passwords are the same. A successfully executed command will look similar to the following screen grab.
  • This command creates a Java KeyStore file (eMAMUploadManager.jks) in the output location. Copy this JKS file into the following directory, based on the eMAM version:
eMAM 3.8 - C:\Program Files\Empress Media\eMAM Gateway\eMAMUploadManager
eMAM 5.0 - C:\Program Files\Empress Media\eMAM Ingest Manager\eMAMUploadManager
  • In the same "eMAMUploadManager" folder there is a "conf" folder. Edit the server.xml file in it and find the following tag:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
Uncomment this tag and replace it with the following tag:
 
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="${user.dir}/eMAMUploadManager.jks" keystorePass="eM@M2014" />

The keystore file path may need to be changed for eMAM 5.0 in the server.xml file.
 
  • The default port of Apache over SSL is 8443. Make sure the port is open to the server, and open the uploader URL with https in the browser to make sure the uploader is working fine,
 
  • Replace the dummy domain name in the above URL with the actual domain name. Once you get the "eMAM Upload Manager is running successfully" response message in the browser, change the eMAM Uploader key under App settings in the web.config XML configuration file of eMAM Director to the above URL.
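
A check that can be run right after the keytool conversion step, before server.xml is edited. It is an added example, not part of the original article or of eMAM. It confirms that the JKS holds a private key entry and the same certificates as the PFX. Assumptions: keytool prints English output, the paths are the article's sample paths, and the keystore password is in an environment variable named KS_PASS (a name chosen for this example).

```powershell
# Added example (not from the original article): sanity-check the converted keystore.
# Assumptions: English keytool output; the store password is in $env:KS_PASS
# (variable name chosen for this example); paths are the article's sample paths.
param(
    [string]$Keytool = 'C:\Program Files\Java\jdk\bin\keytool.exe',
    [string]$Pfx     = 'C:\Users\Administrator\Desktop\test\ourdomain.pfx',
    [string]$Jks     = 'C:\Users\Administrator\Desktop\test\eMAMUploadManager.jks'
)

if (-not $env:KS_PASS) { throw 'Set $env:KS_PASS to the keystore password first.' }

function Get-KeystoreSummary {
    param([string]$Path, [string]$StoreType)
    # -storepass:env makes keytool read the password from the environment,
    # so it does not appear on the command line.
    $ksArgs = @('-list', '-v', '-keystore', $Path, '-storetype', $StoreType,
                '-storepass:env', 'KS_PASS')
    # Merge stderr (keytool warnings) and turn every record into a plain string.
    $text = & $Keytool @ksArgs 2>&1 | ForEach-Object { "$_" }
    if ($LASTEXITCODE -ne 0) { throw "keytool failed for ${Path}: $($text -join ' ')" }
    [pscustomobject]@{
        PrivateKeys  = @($text | Select-String 'Entry type:\s*PrivateKeyEntry').Count
        Fingerprints = @($text | Select-String 'SHA256:\s*([0-9A-Fa-f:]+)' |
                         ForEach-Object { $_.Matches[0].Groups[1].Value })
    }
}

$src = Get-KeystoreSummary -Path $Pfx -StoreType 'PKCS12'
$dst = Get-KeystoreSummary -Path $Jks -StoreType 'JKS'

$problems = @()
# Guard against unparsed (for example localized) keytool output.
if ($src.Fingerprints.Count -eq 0) { $problems += 'No SHA256 fingerprints read from the PFX.' }
# A PFX exported without "Yes, export the private key" yields no PrivateKeyEntry,
# and such a keystore cannot be used by the HTTPS connector.
if ($dst.PrivateKeys -lt 1) { $problems += 'JKS contains no PrivateKeyEntry.' }
# Every certificate in the PFX (leaf and chain) should be present in the JKS.
$missing = @($src.Fingerprints | Where-Object { $dst.Fingerprints -notcontains $_ })
if ($missing.Count -gt 0) { $problems += "Certificates missing from JKS: $($missing -join ', ')" }

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "OK: $($dst.PrivateKeys) private key entry(ies); $($dst.Fingerprints.Count) certificate(s) listed in the JKS."
```

Clear the variable afterwards with Remove-Item Env:KS_PASS so the password does not stay in the session.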

If you face any issues, please contact eMAM Support at support@emamonline.com for further assistance.