How to deploy cert to apache httpd?

I want to use Apache httpd as web server in Windows Server 2016. For adding ssl cert, I have configured the Certify. But it seems only supports IIS. So how should I do?

To deploy to apache (once you have a certificate) you currently need to create a custom script to export the certificate to the correct format and cpoy it to the location apache expects. The next major version (expected over the next month or two) will include a deployment task to export directly to apache (either locally or via SSH/sftp). We do not support auto configuring the certificate for apache (updating the config) so you need to do that yourself.

1 Like

Thank you a lot. But I have no idea to find the cert. How can I use Powershell to export the cert to a pfx file?

Here is some general docs for scripting:

The cert is already a pfx (p12) format file containing both you certificate and the private key. The path for the PFX file is passed into your script as a parameter. I recommen writing a script that works outside of Certify then adapt it to take the parameter for the file location:

param($result)   # required to access the $result parameter

# do something with the pfx file:
$result.ManagedItem.CertificatePath

Most users who convert the pfx use OpenSSL but there are probably ways to do it using just powershell commands.

1 Like

Thanks. I’ll try it.

Hi,
I made a little script that search the latest pfx file in the directory and export the private key and the crt file to a directory you choose for apache, svae it to a .ps1 file and adapt to you enviroment
$dir = “C:\ProgramData\Certify\certes\assets\pfx”
$latest = Get-ChildItem -Path $dir | Sort-Object LastAccessTime -Descending | Select-Object -First 1
openssl pkcs12 -in C:\ProgramData\Certify\certes\assets\pfx\$latest -passin pass: -out C:\path\to\apache\ssl.key\public.key -nocerts -nodes
openssl pkcs12 -in C:\ProgramData\Certify\certes\assets\pfx\$latest -out C:\path\to\apache\ssl.crt\public.crt -nokeys -passin pass:

Hi, you should consider adapting this to use the path that gets passed in to the scripts parameter (Filezilla Server PS Script)

Your script will only work for hosting one website on the server (which is probably OK for you) but will also break in the next version when the certificate asset storage path changes (it is moving to C:\ProgramData\Certify\assets\yourdomain.com)