ServerIron ADX Security Guide 143
53-1002440-03
Configuring SSL on a ServerIron ADX 6
MIIDKTCCApKgAwIBAgIRAJoKUHAGHghM4kW84LNXP1wwDQYJKoZIhvcNAQEFBQAw
ZDETMBEGCgmSJomT8ixkARkWA29yZzEYMBYGCgmSJomT8ixkARkWCGpvbmRhdmlz
MQ0wCwYDVQQKEwRUQU1VMREwDwYDVQQLEwhTZWN1cml0eTERMA8GA1UEAxMIVW5k
ZXJ0b3cwHhcNMDQwOTAyMTc1ODE3WhcNMDcwNzIzMTc1NzQxWjBkMRMwEQYKCZIm
iZPyLGQBGRYDb3JnMRgwFgYKCZImiZPyLGQBGRYIam9uZGF2aXMxDTALBgNVBAoT
BFRBTVUxETAPBgNVBAsTCFNlY3VyaXR5MREwDwYDVQQDEwhVbmRlcnRvdzCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyk4jxC526rUPrkYC1pL+VobYp4B8yLEq
rzbYyL4G6g8OlQ5ZozfP8WHF0T9a7dr/2FmvzWNBka3mHgIUQQxVZcVe/4ALCSLU
tfHKaAWsgwzN+/86BFO6+/2ht2X0Yzo3laY69iGJAW1cNH/7DFE2sF42/EDk0VDb
mRU3cE4afOMCAwEAAaOB2jCB1zB3BgNVHR8EcDBuMGygaqBohwSsEAEFpDIwMDEu
MCwGA1UEAxMlb3U9U2VjdXJpdHksbz1UQU1VLGRjPWpvbmRhdmlzLGRjPW9yZ4Ys
aHR0cDovL3Njb3JwaW8uam9uZGF2aXMub3JnOjQ0Ny9VbmRlcnRvdy5jcmwwDgYD
VR0PAQH/BAQDAgGGMAwGA1UdEwQFMAMBAf8wHwYDVR0jBBgwFoAUnGfclktn1nNL
ICknzxZsbFThFoEwHQYDVR0OBBYEFJxn3JZLZ9ZzSyApJ88WbGxU4RaBMA0GCSqG
SIb3DQEBBQUAA4GBAIg8VKUyiGCrQ4Rn6fRKQs4S1Paf6SPot5AQ1cHK5IlFHkFF
nUYMwFdQZcBrfXMLLPZb1ih0MtfEogLSbS82atF8VfkhzUAKl4ke7lKA35jr22Us
KhYtqbwzWkjBu4z/ph10L21CDSSghW1ea75+6IVEa/ZyuvOaINL2wQYNlmps
-----END CERTIFICATE-----
Syntax: ssl gencsr <key-name>
The <key-name> variable is the key name that you want to use for the certificate request.
Exporting Web Server Certificates
You can export a Web Server Certificate from a Web server and install it on a ServerIronADX. This
section describes the procedures required to export Web server certificates from a Windows
Internet Information server (IIS), or and Apache server (UNIX).
Windows IIS
To export an existing Web se rver certifica te to install on a ServerIronADX, follow these steps:
1. In the Run dialog box, type mmc, and click OK. The Microsoft Management Console (MMC)
appears.
2. If you do not have Certificate Manager installed in MMC, you need to install it. For more
information on how to add the Certificate snap-in to an MMC console, see the Microsoft link:
Install a Server Certificate.
3. In the console tree, click the logical store where the certificate you want to export exists. It is
usually in the Certificates folder in the Personal directory under Certificates (local computer)
on the console root.
4. Right-click the certificate you want to export and click All Tasks > Export to start the Certificate
Export Wizard.
5. Click Next.
6. On Export Private Key, click Yes to export the private key.
You must export the private key with your certificate for it to be valid on your target server.
Otherwise, you must request a new certificate for the target server.
7. I n t he Export File Format dialog box, choose.PFX. If the certificate has already been formatted,
that format is selected as the default. Click Next.
Do not select Delete the private key if export is successful, because this disables the SSL site
that corresponds to the private key.