624
edits
Changes
From SME Server
Jump to navigationJump to searchadded Migrating certificates section
When initially creating and ordering the certificate and supplying the domain name(s) to your chosen commercial supplier, you must include all domains that your server is hosting. sme server only supports one ssl certificate, so therefore to avoid errors for https access using any hosted domain name, the certificate must be created correctly. sme does not cater for multiple certificates for different domains, as it is not technically possible.
When initially creating and ordering the certificate and supplying the domain name(s) to your chosen commercial supplier, you must include all domains that your server is hosting. sme server only supports one ssl certificate, so therefore to avoid errors for https access using any hosted domain name, the certificate must be created correctly. sme does not cater for multiple certificates for different domains, as it is not technically possible.
====Migrating commercial certificates from Windows to Linux====
Based on this forum post http://forums.contribs.org/index.php/topic,46752.0.html
This example refers to migrating a free StartCom SSL certificate on a Windows SBS2008 Server to SME.
StartCom give out free SSL only certificates compatible with IE and Firefox which are only good for HTTPS.
To migrate the SSL certificate they already have (rather than buy a new one) follow these instructions: http://rackerhacker.com/2007/03/23/exporting-ssl-certificates-from-windows-to-linux/
The end result is you have the two files, .key and .crt. Do not implement the last three steps re importing the certificate to Apache, follow the instructiosn here: http://wiki.contribs.org/Certificates_Concepts#Commercial_certificates
=====Testing the migration before final deployment=====
Once the server is restarted, you can test the certificates, without disrupting the customers site, from a Windows workstation by doing:
Add the FQDN and internal IP Address of the SME server to the file c:\windows\system32\drivers\etc\hosts in the same format as the sample in the file.
Ping the FQDN of the SME server (the public FQDN, not the local one) to test it resolves correctly to the new SME server's internal IP address.
Then open a web browser to the SME server using HTTPS.
The address bar of the browser should correctly display the acceptance of the certificate instead of the usual "Do you want to accept this untrusted site..." message.
===Freely available certificates===
===Freely available certificates===
