{"id":821,"date":"2016-09-24T16:21:34","date_gmt":"2016-09-24T14:21:34","guid":{"rendered":"http:\/\/www.netexpertise.eu\/en\/?p=821"},"modified":"2021-10-28T08:10:53","modified_gmt":"2021-10-28T06:10:53","slug":"reuse-exchange-certificate-on-apache-web-server","status":"publish","type":"post","link":"http:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html","title":{"rendered":"Reuse PFX Exchange \/ IIS Certificate on Apache Web Server"},"content":{"rendered":"\n<p>While generating a Microsoft <a href=\"\/en\/category\/mail\/exchange\">Exchange<\/a> (or IIS web server) certificate, take the opportunity to add extra domain names and reuse it on <a href=\"\/en\/category\/misc\/apache\">Apache<\/a> web servers. This will save you a few bucks and time, unless the CA provides a certificate for multiple platforms.<br><br><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"\/uploads\/security-protection-lock-password-5726869.jpg\" alt=\"PFX certificate on Apache\"\/><figcaption><a href=\"https:\/\/pixabay.com\/users\/Mmh30\">Mmh30<\/a> \/ Pixabay<\/figcaption><\/figure><\/div>\n\n\n\n<p>PFX is a popular exchange format on Microsoft software such as Exchange or IIS. It is a <a href=\"https:\/\/en.wikipedia.org\/wiki\/PKCS_12\" target=\"_blank\" rel=\"noreferrer noopener\">PKCS#12<\/a> archive file that contains a certificate and the matching private key. It could also include other things like the CA certificate.<br>First off, copy the pfx file generated with Exchange on the web server where you should have all the tools that you need to extract and import the PFX certificate on Apache.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><br>Extract Cert and Key from the PFX File<\/h2>\n\n\n\n<p>Extract the private key from the PFX. Enter the password if asked.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">openssl pkcs12 -in cert.pfx -nocerts -out enc.key -nodes<\/code><\/pre>\n\n\n\n<p><br>Now, extract the certificate<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">openssl pkcs12 -in cert.pfx -nokeys -out cert.crt<\/code><\/pre>\n\n\n\n<p><br>And finally, decrypt the private key<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">openssl rsa -in enc.key -out dec.key<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><br>Import Cert and Key into Apache<\/h2>\n\n\n\n<p>&nbsp;<br>Move certificate and private key to Apache appropriate directories (I&#8217;m on Linux Redhat), and give proper permissions<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">mv cert.crt \/etc\/pki\/tls\/certs\/\nmv dec.key \/etc\/pki\/tls\/private\/\nchmod 600 \/etc\/pki\/tls\/private\/dec.key<\/code><\/pre>\n\n\n\n<p>Failing to run chmod leads to an Apache error on restart.<br>&nbsp;<br>If selinux is enabled on your web server, run<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">restorecon -RvF \/etc\/pki<\/code><\/pre>\n\n\n\n<p>This will restore the proper permissions on the new files you just copied over. You will get the following error message if you don&#8217;t:<br><em>[error] (13)Permission denied: Init: Can&#8217;t open server certificate file \/etc\/pki\/tls\/certs\/dec.<\/em>key<br>&nbsp;<br>Declare the new certificate in the Apache virtual host configuration file:<br><em>SSLCertificateFile \/etc\/pki\/tls\/certs\/cert.crt<br>SSLCertificateKeyFile \/etc\/pki\/tls\/private\/dec.key<\/em><br>&nbsp;<br>And reload the daemon to apply changes:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">\/etc\/init.d\/httpd reload<\/code><\/pre>\n\n\n\n<p>&nbsp;<br>Now you have the same certificate on Exchange (or IIS in a PFX archive) and Apache web server. The certificate could be used on other web servers such as Nginx for instance.<\/p>\n\n\n\n<p>Also check with your certification authority beforehand. They may provide multiple certificate formats for different pieces of software, saving you the hassle of running these commands.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While generating a Microsoft Exchange (or IIS web server) certificate, take the opportunity to add extra domain names and reuse it on Apache web servers. This will save you a few bucks and time, unless the CA provides a certificate for multiple platforms. PFX is a popular exchange format on Microsoft software such as Exchange [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[65,369,411],"tags":[390,408,401,297,34,31],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.8.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Netexpertise - Reuse PFX Exchange \/ IIS Certificate on Apache Web Server<\/title>\n<meta name=\"description\" content=\"Reuse Microsoft Exchange or IIS SSL Certificate, stored in a PFX file, on Apache (or Nginx) web server in just a few commands\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Netexpertise - Reuse PFX Exchange \/ IIS Certificate on Apache Web Server\" \/>\n<meta property=\"og:description\" content=\"Reuse Microsoft Exchange or IIS SSL Certificate, stored in a PFX file, on Apache (or Nginx) web server in just a few commands\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html\" \/>\n<meta property=\"og:site_name\" content=\"Netexpertise\" \/>\n<meta property=\"article:published_time\" content=\"2016-09-24T14:21:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-10-28T06:10:53+00:00\" \/>\n<meta name=\"author\" content=\"dave\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@netexpertise\" \/>\n<meta name=\"twitter:site\" content=\"@netexpertise\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html\",\"url\":\"https:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html\",\"name\":\"Netexpertise - Reuse PFX Exchange \/ IIS Certificate on Apache Web Server\",\"isPartOf\":{\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#website\"},\"datePublished\":\"2016-09-24T14:21:34+00:00\",\"dateModified\":\"2021-10-28T06:10:53+00:00\",\"author\":{\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/cb4cd666549d22e9070ec1cfc1a496fa\"},\"description\":\"Reuse Microsoft Exchange or IIS SSL Certificate, stored in a PFX file, on Apache (or Nginx) web server in just a few commands\",\"breadcrumb\":{\"@id\":\"https:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/www.netexpertise.eu\/en\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Reuse PFX Exchange \/ IIS Certificate on Apache Web Server\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#website\",\"url\":\"http:\/\/www.netexpertise.eu\/en\/\",\"name\":\"Netexpertise\",\"description\":\"Systems \/ Networks \/ DevOps\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.netexpertise.eu\/en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/cb4cd666549d22e9070ec1cfc1a496fa\",\"name\":\"dave\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/image\/\",\"url\":\"http:\/\/1.gravatar.com\/avatar\/1129916e1f4955bd632f27f836f64e55?s=96&d=mm&r=g\",\"contentUrl\":\"http:\/\/1.gravatar.com\/avatar\/1129916e1f4955bd632f27f836f64e55?s=96&d=mm&r=g\",\"caption\":\"dave\"},\"sameAs\":[\"http:\/\/www.netexpertise.eu\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Netexpertise - Reuse PFX Exchange \/ IIS Certificate on Apache Web Server","description":"Reuse Microsoft Exchange or IIS SSL Certificate, stored in a PFX file, on Apache (or Nginx) web server in just a few commands","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html","og_locale":"en_US","og_type":"article","og_title":"Netexpertise - Reuse PFX Exchange \/ IIS Certificate on Apache Web Server","og_description":"Reuse Microsoft Exchange or IIS SSL Certificate, stored in a PFX file, on Apache (or Nginx) web server in just a few commands","og_url":"https:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html","og_site_name":"Netexpertise","article_published_time":"2016-09-24T14:21:34+00:00","article_modified_time":"2021-10-28T06:10:53+00:00","author":"dave","twitter_card":"summary_large_image","twitter_creator":"@netexpertise","twitter_site":"@netexpertise","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html","url":"https:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html","name":"Netexpertise - Reuse PFX Exchange \/ IIS Certificate on Apache Web Server","isPartOf":{"@id":"http:\/\/www.netexpertise.eu\/en\/#website"},"datePublished":"2016-09-24T14:21:34+00:00","dateModified":"2021-10-28T06:10:53+00:00","author":{"@id":"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/cb4cd666549d22e9070ec1cfc1a496fa"},"description":"Reuse Microsoft Exchange or IIS SSL Certificate, stored in a PFX file, on Apache (or Nginx) web server in just a few commands","breadcrumb":{"@id":"https:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.netexpertise.eu\/en\/mail\/exchange\/reuse-exchange-certificate-on-apache-web-server.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/www.netexpertise.eu\/en"},{"@type":"ListItem","position":2,"name":"Reuse PFX Exchange \/ IIS Certificate on Apache Web Server"}]},{"@type":"WebSite","@id":"http:\/\/www.netexpertise.eu\/en\/#website","url":"http:\/\/www.netexpertise.eu\/en\/","name":"Netexpertise","description":"Systems \/ Networks \/ DevOps","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.netexpertise.eu\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/cb4cd666549d22e9070ec1cfc1a496fa","name":"dave","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/image\/","url":"http:\/\/1.gravatar.com\/avatar\/1129916e1f4955bd632f27f836f64e55?s=96&d=mm&r=g","contentUrl":"http:\/\/1.gravatar.com\/avatar\/1129916e1f4955bd632f27f836f64e55?s=96&d=mm&r=g","caption":"dave"},"sameAs":["http:\/\/www.netexpertise.eu"]}]}},"_links":{"self":[{"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/posts\/821"}],"collection":[{"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/comments?post=821"}],"version-history":[{"count":0,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/posts\/821\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/media?parent=821"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/categories?post=821"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/tags?post=821"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}