Script to export crt and key to Apache

Hi everyone,
I use Apache, so I made a script to automatically deploy the private key and the certificate:

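```powershell
param($result)
# Path of the PFX that Certify the Web produced for this managed certificate
$latest = $result.ManagedItem.CertificatePath
# Private key only, written unencrypted (-nodes); the PFX has an empty password
openssl pkcs12 -in $latest -passin pass: -out C:\path\to\apache\ssl.key\public.key -nocerts -nodes
# Certificate(s) only, no private key
openssl pkcs12 -in $latest -out C:\path\to\apache\ssl.crt\public.crt -nokeys -passin pass:
Restart-Service -Name Apache2.4 -Force
```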

Edit according to your scenario, set Certify to run the post-request script, and that’s it.

P.S. You need to set the PATH environment variable for openssl in Windows or run it from the openssl directory.

This script works perfectly.

This is how I set the site up in Certify the Web:

Don’t select a website in IIS, just add the domain to the certificate directly.

In the authorization, set the challenge type to http-01 and set the directory as the base of the web site in Apache. Tick to perform the challenge response checks and remove the tick for the application auto config.

Set the deployment to Certificate Store Only or No Deployment, as we don’t want it going anywhere in IIS.

Save the script above to a ps1 file and set the path and certificate file names as required. I keep a separate folder for each site, but that’s not a requirement. I updated the script to use the full path to the openssl.exe file. Add the script to the Post-request PS Script option.

That’s it, the certificate should download and save out as crt and key files, which you can then set using the SSL settings in your Apache configuration.

I run IIS and Apache on the same server on different ports and domains, with one configuration for IIS and one for Apache and it works.

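A hardened variant of the post-request script from this thread, added here as an example and not written by either poster: it checks every openssl exit code, locks down the ACL on the unencrypted key file, and confirms that key and certificate match before Apache is restarted. The openssl.exe location, the `.new` staging file names and the assumption that the Apache service runs as LocalSystem are assumptions to adjust.

```powershell
param($result)

# Assumed locations; replace with your own paths.
$openssl = 'C:\path\to\openssl\bin\openssl.exe'
$pfx     = $result.ManagedItem.CertificatePath
$keyOut  = 'C:\path\to\apache\ssl.key\public.key'
$crtOut  = 'C:\path\to\apache\ssl.crt\public.crt'
$keyNew  = "$keyOut.new"   # staging names are hypothetical
$crtNew  = "$crtOut.new"

# Run openssl and abort on a non-zero exit code, so a failed export
# never reaches the Apache restart.
function Invoke-OpenSsl([string[]]$Arguments) {
    & $openssl $Arguments
    if ($LASTEXITCODE -ne 0) { throw "openssl $($Arguments[0]) exited with code $LASTEXITCODE" }
}

# Export to staging files first; the live files stay untouched until verified.
Invoke-OpenSsl @('pkcs12', '-in', $pfx, '-passin', 'pass:', '-out', $keyNew, '-nocerts', '-nodes')
Invoke-OpenSsl @('pkcs12', '-in', $pfx, '-passin', 'pass:', '-out', $crtNew, '-nokeys')

# The key is written unencrypted (-nodes): drop inherited permissions and allow
# only SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544).
# Assumption: Apache runs as LocalSystem; grant its service account instead if not.
& icacls.exe $keyNew /inheritance:r /grant:r '*S-1-5-18:(F)' '*S-1-5-32-544:(F)' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $keyNew" }

# Confirm the key belongs to the certificate by comparing public keys.
# x509 reads the first certificate in the file, assumed here to be the leaf.
$pubFromKey = (Invoke-OpenSsl @('pkey', '-in', $keyNew, '-pubout')) -join "`n"
$pubFromCrt = (Invoke-OpenSsl @('x509', '-in', $crtNew, '-pubkey', '-noout')) -join "`n"
if (-not $pubFromKey -or $pubFromKey -ne $pubFromCrt) {
    Remove-Item $keyNew, $crtNew -Force
    throw 'Exported key does not match exported certificate; Apache files left unchanged.'
}

# Swap in the verified files (a move within one volume keeps the ACL set above),
# then restart Apache so it loads them.
Move-Item $keyNew $keyOut -Force -ErrorAction Stop
Move-Item $crtNew $crtOut -Force -ErrorAction Stop
Restart-Service -Name Apache2.4 -Force
```

If the staging and live files sit on different volumes the move becomes a copy and the key inherits the target folder's permissions, so run the icacls step on the final key path in that case.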