Importing an IIS keypair into Webthority
NOTE: The password “changeit” must be entered as is and not replaced with an alternative password.
NOTE: The alias “this-server” must be entered as is and not replaced with an alternative alias.
1) Export the certificate and private key in pfx format from IIS.
2) Convert from pfx to pem, this requires openssl which can be obtained from
http://sourceforge.net/projects/openssl1d/files/latest/download
# cd "C:\OpenSSL\bin"
# openssl pkcs12 -in c:\iiskeypair.pfx -out c:\iiskeypair.pem
Enter Import Password: <pfx password>
MAC verified OK
Enter PEM pass phrase: changeit
Verifying - Enter PEM pass phrase: changeit
3) Convert from pem to p12 and assign the alias “this-server”
# openssl pkcs12 -export -in c:\iiskeypair.pem -out c:\iiskeypair.p12 -name "this-server"
Loading 'screen' into random state - done
Enter pass phrase for c:\iiskeypair.pem: changeit
Enter Export Password: changeit
Verifying - Enter Export Password: changeit
4) Backup the Webthority certificate store
C:\Program Files\PassGo\Webthority\j2sdk\jre\lib\security\cacerts
5) Import p12 into Webthority
# cd "C:\Program Files\PassGo\Webthority\j2sdk\bin"
# keytool -importkeystore -destkeystore ..\jre\lib\security\cacerts -srckeystore c:\iiskeypair.p12 -srcstoretype PKCS12 -alias this-server
Enter destination keystore password: changeit
Enter source keystore password: changeit
Existing entry alias this-server exists, overwrite? [no]: yes