Skip to main content
OCLC Support

Prepare a Windows certificate for EZproxy import

If you are running EZproxy on a Windows server, your server may already have an SSL key that you would like to use with EZproxy.  The following steps provide a way to import a Windows certificate into EZproxy.

For information about preparing for this process, see Export a Windows certificate.

  1. Open a command prompt window and cd to the EZproxy ssl directory.
  2. EZproxy stores its certificates in the files that start with 8 digit numbers. Issue the command dir and note the highest number in use on a file, such as 00000006.csr. For the rest of these steps, use the next highest number, adding enough zeros on the left to create an eight digit number. If there are no files in this directory, do not use 00000000. Start with 00000001. For the balance of this document, 00000007 is used for the examples.
  3. Issue the command:
    openssl pkcs12 -in iis.pfx -out 00000007.crt

    Type the password you specified on the export. You will then be prompted for a password phrase. Provide a password (it can be the same as the first password you created).

  4. Remove the password from the private key and move it where EZproxy can use it with the command:
    openssl rsa -in 00000007.crt -out 00000007.key
    
    You will be asked to provide the pass phrase you created in step 14.
  5. If your certificate has a chained certificate authority, download the Apache version of the file and save it in the ssl directory as 00000007.ca
  6. At this point, the certificate and key should be available to EZproxy. Use the information with SSL configuration to set up an admin account and access the /ssl administration page of your server.  The imported certificate should be the top certificate in the list. Click into the certificate to verify that EZproxy considers it valid. If it does, use the information from the SSL configuration page to configure EZproxy to use this certificate, skipping all steps that relate to generating a new certificate.