For the CA Wosin certificate applied by Aliyun share the steps of importing the certificate under Windows iis
- 2020-06-07 05:53:32
- OfStack
After aliyun application, you can download 1 compressed file, which contains two files key & pem file. These two files need OpenSSL command to convert into PFX file and import into IIS. This is a function of Aliyun in 16 years. It is not perfect, and it has been given one such document without asking for a long time
https://help.aliyun.com/knowledge_detail/13086385.html
It has this sentence in it
3. Convert PEM/KEY/CRT to PFX
Using the OpenSSL tool, you can convert the key file KEY and the public key file CRT to THE PFX file.
Put the key file KEY and the public key file CRT into the OpenSSL directory, open OpenSSL and execute the following command:
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt
Note that server.crt is not the file we downloaded. You can change the suffix pem to crt if you look it up.
And then you have to install openssl. It's complicated.
1. Download and install Perl http: / / www activestate. com/activeperl downloads /
2. Download openssl http: / / www openssl. org/source /
Install Perl
Double-click to install the perl package. When finished, run the "CMD" command. Use the cd command to point to the eg file in the perl installation directory (default C:\perl64\eg). , indicating that the INSTALLATION of Perl has been successful and the installation of OpenSSL can start using the relevant commands of Perl
Install OpenSSL
1, decompression openssl t 1.0.1. tar. gz compressed package
2. Configure WIN32 environment
Open the CMD command line, enter the C:\OpenSSL directory, and execute the command
perl Configure VC-WIN32
3, enter VC BIN directory, configure VC environment variable, I use VS2012, so the directory is C:\Program Files (x86)\Microsoft Studio 11.0\VC\bin\ other according to their own situation.
Open CMD and run: ES110en32.ES111en to set the environment variable.
4. Return OpenSSL directory and create makefile file
Open CMD and enter the OpenSSL root directory to run ms\do_ms
PS online reference has this problem, but I did not encounter it
"
This command does not compile in assembly language. If an error is reported at the end of the text, try ms\do_masm (using assembly language), ms\do_nasm, ms\do_nt, etc. These configuration files are written in batches for different system configurations.
5. Compile in Openssl
nmake -f ms\ntdll.mak
After the final compilation of the dynamic library is completed, the output is in the directory out32dll: Includes executable, two dll and two lib files: libeay32, ES148en, ES148en, openssl, ssleay32, lib, if using VS/VC programming only need to follow the following method, if you need to use the openssl command, also need to add c:\openssl\out32dll in the system environment variable path, Since openssl. exe is in that directory, you can use the openssl command directly from the command line after you declare it.
There may be several problems with step 5 processing, 1. nmake command is not an internal command, which may not have been configured properly, or step 3 can be re-executed. C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\bin\nmake, but not myself. My solution is to re-execute step 3 with the administrator command
Now go back to this command, open CMD to your certificate directory, and run the following sentence
F:\openssl-1.0.1t\out32dll\openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt
The 2016-7-5 update:
This certificate cannot be used under Safari. Later, I consulted Aliyun and said that the contents of the MMC certificate control unit still needed to be set, but the StartCom I applied for did not need to set the certificate in the MMC control unit, so the specific setting can be skipped here
After setting, I browed again in the Safari browser and saw that the certificate was valid. However, looking at the certificate details, the Wosin certificate can only be used normally if it is placed at the root level of StartCom... Suddenly felt that the domestic certificate Low 1.