From eScan Wiki
Revision as of 10:54, 28 November 2022; view current revision
←Older revision | Newer revision→
←Older revision | Newer revision→
| · eScan · MailScan · Technologies | · Technical Info · Security Awareness · User Guides |
[edit]
Generating a Certificate Signing Request (CSR)
For Apache
Scenario: The customer wants to have eScan Webconsole on HTTPS with a valid SSL
certificate (not a self-signed certificate), but has only the .pfx file for the SSL certificate, does not
have the .crt/.cer and the .key files.
What we need for running our eScan Webconsole on HTTPS with a valid SSL certificate.
- webconsole.cer
- webconsole.key
- ca.cer file
How to extract .crt and .key files from .pfx file?
- Create a folder named “certs” in the C drive root and copy available .pfx to this folder Eg: yourfile.pfx
- Open the command prompt and go to \MicroWorld\apache2\bin folder.
- Run the following command to extract the certificate: openssl pkcs12 -in C:\certs\yourfile.pfx -clcerts -nokeys -out C:\certs\your_domain.crt
- Run the following command to extract the private key: openssl pkcs12 -in C:\certs\yourfile.pfx -nocerts -out C:\certs\enc_domain.key You will be prompted to type the import password. Ask the customer to type the password that he used to protect the keypair while creating the .pfx file. You will be prompted again to provide a new password to protect the .key file that you are creating. Store the password to your key file in a secure place to avoid misuse.
- Run the following command to decrypt the private key: openssl rsa -in C:\certs\enc_domain.key -out C:\certs\dec_domain.key You will be prompted to type the password. Type the password that you set in step 4 to protect the .key file.
- Now export the your_domain.crt to webconsole.cer. Refer below link to know how to export https://support.comodo.com/index.php?/Knowledgebase/Article/View/361/17/how-do-i-convert-crt-file-into-the-microsoft-cer-format
- Get the ca.crt or ca.cer file from the SSL certificate provider. If you have the ca.crt file export it to ca.cer file.
- Rename the dec_domain.key to webconsole.key
- Stop the eScan-apache service.
- Rename the files ca.cer, webconsole.cer and webconsole.key from the “MicroWorld\apache2\bin\ssl” folder to ca.cer_ss, webconsole.cer_ss and webconsole.key_ss respectively.
- Copy the files ca.cer, webconsole.cer and webconsole.key from the C:\certs\ folder to the “MicroWorld\apache2\bin\ssl” folder.
- Start the eScan-apache service.