Moving a website SSL certificate from Windows IIS to Apache

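I followed the instructions on this site (https://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-an-apache-server.html) to migrate my GoDaddy.com certificate from a Windows Server 2003 machine to a server running Debian and Apache (v 2.4.10). I converted the .pfx file to a .txt file and opened it to extract the private key and certificate. However, my file has three certificates, not just the one in the tutorial. So which part is my SSLCertificateFile, SSLCertificateKeyFile, or SSLCertificateChainFile? I tried adding the top part as my private key and the second part as my certificate, but in Chrome I get a "NET:ERR_CERT_AUTHORITY_INVALID" message when I navigate to my site. Any help would be greatly appreciated.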

Bag Attributes
Microsoft Local Key set: <No Values>
localKeyID: 01 00 00 00 
Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
friendlyName: 921ddddfb37214c2d5593e0c9b386a34_bc31898e-7ad7-4e24-9c39-0088bf3b937a
Key Attributes
X509v3 Key Usage: 10 
-----BEGIN ENCRYPTED PRIVATE KEY-----
Some Text Here   
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
localKeyID: 01 00 00 00 
subject=/OU=Domain Control Validated/CN=example.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
-----BEGIN CERTIFICATE-----
More Text here 
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Go Daddy Root Certificate Authority  G2
subject=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
-----BEGIN CERTIFICATE-----
Other Text here as well
-----END CERTIFICATE-----
Bag Attributes: <Empty Attributes>
subject=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
-----BEGIN CERTIFICATE-----
Last bit of text here 
-----END CERTIFICATE-----

(Certificate text removed for readability and security)

Answer 1

The text:

-----BEGIN ENCRYPTED PRIVATE KEY-----
Some Text Here   
-----END ENCRYPTED PRIVATE KEY-----

is an encrypted PKCS#8 private key. It should be placed in a file, and the passphrase removed with the following command:

openssl pkcs8 -topk8 -inform PEM -in <in file> -nocrypt -out private.key

Note that the above command will ask for the passphrase.

The private.key file is the one pointed to by SSLCertificateKeyFile.

The sections that look like this:

-----BEGIN CERTIFICATE-----
Text here 
-----END CERTIFICATE-----

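are your certificates. They need to be placed in files as follows:

The one below subject=/OU=Domain Control Validated/CN=example.com is your site certificate and should be placed in the file pointed to by SSLCertificateFile.

The last one is your issuing CA's certificate and should be placed in the file pointed to by SSLCertificateChainFile.

The remaining one (between the two certificates above) is the root CA certificate, which should already be stored in the trust anchor store of all clients. You don't need to do anything with it.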
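The mapping described in the answer above can be done mechanically by comparing the subject= and issuer= lines that openssl prints before each block. The following is an added example, not part of the original question or answer; the function name `split_dump`, the role label for the root, and the sample names are assumptions made for illustration.

```python
import re

# Constructed sample with the same layout as the dump in the question
# (key, site cert, root, intermediate); names and bodies are placeholders.
SAMPLE = """\
Key Attributes
-----BEGIN ENCRYPTED PRIVATE KEY-----
KEYDATA
-----END ENCRYPTED PRIVATE KEY-----
subject=/CN=example.com
issuer=/CN=Example Issuing CA
-----BEGIN CERTIFICATE-----
LEAFDATA
-----END CERTIFICATE-----
subject=/CN=Example Root CA
issuer=/CN=Example Root CA
-----BEGIN CERTIFICATE-----
ROOTDATA
-----END CERTIFICATE-----
Bag Attributes: <Empty Attributes>
subject=/CN=Example Issuing CA
issuer=/CN=Example Root CA
-----BEGIN CERTIFICATE-----
INTERDATA
-----END CERTIFICATE-----
"""
PEM = re.compile(r"-----BEGIN ([A-Z ]+)-----\n.*?-----END \1-----\n", re.S)

def split_dump(dump):
    """Return {Apache directive (or a root label): PEM text} for one text dump."""
    out, certs, pos = {}, [], 0
    for m in PEM.finditer(dump):
        attrs, pos = dump[pos:m.start()], m.end()  # attribute lines before this block
        if m.group(1).endswith("PRIVATE KEY"):
            out["SSLCertificateKeyFile"] = m.group(0)  # still encrypted at this point
            continue
        subject = re.search(r"^subject=(.*)$", attrs, re.M).group(1).strip()
        issuer = re.search(r"^issuer=(.*)$", attrs, re.M).group(1).strip()
        certs.append((subject, issuer, m.group(0)))
    signers = {iss for sub, iss, _ in certs if sub != iss}
    for subject, issuer, pem in certs:
        if subject == issuer:       # self-signed: root, already in client trust stores
            role = "root (not deployed)"
        elif subject in signers:    # issued another cert in the bag: intermediate
            role = "SSLCertificateChainFile"
        else:                       # issued nothing here: the site certificate
            role = "SSLCertificateFile"
        out[role] = out.get(role, "") + pem
    return out
```

The key block returned here still needs its passphrase removed with the openssl pkcs8 command from the answer. On Apache 2.4.8 and later, SSLCertificateChainFile is deprecated and the intermediate can instead be appended to the file named by SSLCertificateFile.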
