How to install SSL certificate for Windows 8.1. Ask Question Asked 3 years, 6 months ago. Active 3 years, 5 months ago. Viewed 2k times 1. I have a Windows 8.1 machine that I RDP into on a public IP (also secured by 2FA). I am getting a failing PCI scan because the default SSL cert created by Windows for RDP is using SHA1 hashing. If you install Windows Admin Center (WAC) in gateway mode, the browser should communicate with the server via a secure connection. Despite WAC installing a certificate, it still raises a security warning in the browser. Therefore, you should replace it with your own certificate.
Active2 years, 6 months ago
I am a developer. Our server admins have given me 3 files. .cer, .pfx and .p7b and told me to install SSL in Apache Server. I have Wamp with Apache version 2.4.9. I have search and found something. I open httpd.conf file and search for DocumentRoot. After DocumentRoot I have added,
Now when I restart the apache. I am unable to navigate the server even on http. When I comment the above lines, my sites works on http.
user960567user96056714711 gold badge33 silver badges1616 bronze badges
2 Answers
Although this is not exactly a 'question', and you do not specify what is inside your files, you're doing at least one thing wrong: a pfx file (assuming this is not a naming error) cannot be used directly as a 'key' in Apache. Without knowing the contents of the cer and the p7b file, let's assume that the pfx has all the info we need and that you have the pfx password (you do, right?), and start from there.
- Grab and install OpenSSL for Windows (Suggestion: https://indy.fulgan.com/SSL/ has precompiled binaries if you're not willing to build from sources in http://www.openssl.org/)
- Extract the different files required for Apache from the pfx (you'll be prompted for the pfx password when required):a. Extract the SSL Certificate Private Key (Encrypted) from the pfx
C:Path> openssl pkcs12 -in MyPfx.pfx -nocerts -nodes -out MyEncKey.key
b. Remove the encryption from the SSL Certificate Private KeyC:Path> openssl rsa -in MyEncKey.key -out MyKey.key
c. Extract SSL Certificate from the pfxC:Path> openssl pkcs12 -in MyPfx.pfx -clcerts -nokeys -out MyCert.cer
d. Extract the (possibly empty) CA Certificate Chain from the pfxC:Path> openssl pkcs12 -in MyPfx.pfx -nodes -nokeys -cacerts -out MyCAs.crt
- Rebuild your httpd.conf using these lines instead of yours (note: ONLY INCLUDE THE SSLCACertificateFile line if the MyCAs.crt is not empty; you can check it with any text editor)
Miguel CaldasMiguel Caldas
Your SSL Certificate will work on HTTPS Port i.e 443, You need to Redirect your traffic from Http to HTTPS for Apache you need to make You need to go to MMC to put your Certificate and then Validate that one.
Ashwinikumar TiwariAshwinikumar Tiwari
Not the answer you're looking for? Browse other questions tagged sslapache-2.4windows-server-2012-r2 or ask your own question.
In one of our earlier posts, we have seen what Root Certificates are. There may be times, when some companies or users may feel the need to manage and configure Trusted Root Certificates, to prevent other users in the domain from configuring their own set. In this post, we will see how to manage Trusted Root Certificates & add certificates to the Trusted Root Certification Authorities store in Windows 10/8.1.
Manage Trusted Root Certificates in Windows
To add certificates to the Trusted Root Certification Authorities store for a local computer, from the WinX Menu in Windows 10/8.1, open Run box, type mmcand hit Enter to open the Microsoft Management Control.
Press the File menu link and select Add/Remove Snap-in. Now under Available snap-ins, click Certificates, and then click Add.
Click OK. In the next dialog box, select Computer account and then on Next.
Now select Local computer and click on Finish.
Now, back in MMC, in the console tree, double-click on Certificates and then right-click on Trusted Root Certification Authorities Store. Under All tasks, select Import.
The Certificate Import Wizard will open.
Follow the instructions in the wizard to complete the process.
Now let us see how to configure and manage trusted root certificates for a local computer. Open MMC and press the File menu link and select Add/Remove Snap-in. Now under Available snap-ins, click Group Policy Object Editor, and then click Add. Select the computer whose local GPO you want to edit, and click Finish / OK.
Now, back in the MMC console tree, navigate to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings. Next Public Key Policies. Double-click Certificate Path Validation Settings, and then select the Stores tab.
Now, back in the MMC console tree, navigate to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings. Next Public Key Policies. Double-click Certificate Path Validation Settings, and then select the Stores tab.
Here, select the Define these policy settings, Allow user trusted root CAs to be used to validate certificates and Allow users to trust peer trust certificates checkboxes.
Finally under Stores tab > Root certificate stores, select one option under Root CAs that the client computers can trust and click OK. If in doubt, go with the recommended option.
To see how you can manage trusted root certificates for a domain and how to add certificates to the Trusted Root Certification Authorities store for a domain, visit Technet.
RCC is a free Root Certificates Scanner that can help you scan Windows Root Certificates for untrusted ones.
Install Ssl Certificate Windows 2008
TIP: Download this tool to quickly find & fix Windows errors automatically
Install Ssl Certificate Windows 2012
Related Posts: