This configuration file (openssl.cnf) does not ship with the version of openssl I pulled for some reason, so I found a default openssl.cnf and used that.
- generate an RSA private key
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
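- write out the RSA private key with the passphrase removed (server.key is unencrypted on disk, so restrict access to it and delete it, together with server.pass.key, once the PFX has been created)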
openssl rsa -passin pass:x -in server.pass.key -out server.key
- create the certificate signing request (CSR) for the server or common name;
openssl req -new -key server.key -out server.csr -config openssl.cnf -subj "/C=US/ST=TX/L=Allen/O=WatchGuard Video/CN=localhost"
- generate the self-signed x509 certificate from the request (this certificate will work in Root, but not in WebHosting, because it has no private key attached yet); signing is normally handled by a certificate authority (CA)
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
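- generate the PFX from the x509 certificate together with its private key; the password can be randomly generated as long as the same value is available when importing. In bash or PowerShell an unquoted `$ecrentPassword` is expanded as a variable (normally empty), which silently shortens the password, so quote the argument or avoid `$` in it. A `pass:` value on the command line also ends up in shell history and process listings; openssl accepts `env:VAR` or `file:PATH` in its place.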
- ```openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile server.crt -password pass:Super$ecrentPassword```
- Once you've imported the certificate into the store (not shown; I use PowerShell, our installer uses a custom action) you can associate the certificate with a port (and make sure it's in the WebHosting store). The appid is just a unique identifier for your application; it doesn't mean anything else.
netsh http add sslcert ipport=0.0.0.0:443 certhash=F3F2E90E2FC1B6905C2D6D95CBA9AD99636EA398 appid={87c74633-c4ef-420a-bbec-059bc88b3bf4} certstorename=WebHosting
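- May require a urlacl reservation for the port (test before doing this); netsh also expects a `user=` argument naming the account allowed to listen on the URL, and the service's own account is a narrower grant than Everyone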
netsh http add urlacl url=https://+:9100/
Get the fingerprint of the certificate (the certhash given to netsh is the certificate's SHA-1 fingerprint with the colons removed)
openssl x509 -in server.crt -fingerprint -noout
Import-PfxCertificate -filepath localapi.pfx cert:\localmachine\webhosting -password $pwd  # -Password takes a SecureString; $pwd is also PowerShell's automatic current-location variable, so use a different variable name
or
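// Load the PFX (certificate plus private key) and add it to a LocalMachine certificate store.
// NOTE(review): the password is a hard-coded placeholder; real code should read it from
// protected configuration rather than from source.
// NOTE(review): no X509KeyStorageFlags are passed, so the private key is not explicitly stored
// as a persisted machine key. If this certificate backs the netsh sslcert binding,
// X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet is probably needed (confirm).
X509Certificate2 certificate = new X509Certificate2("localapi.pfx","Password");
// NOTE(review): this targets TrustedPublisher, while the PowerShell import and the netsh binding
// on this page use the WebHosting store. Confirm which store is intended.
X509Store store = new X509Store(StoreName.TrustedPublisher,
StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
try
{
    store.Add(certificate);
}
finally
{
    // Release the store handle even when Add throws.
    store.Close();
}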