IMail - How to use an IIS SSL certificate

Question/Problem: I have an existing IIS certificate. Do I need to get a new one for IMail's SSL configuration or can I use this one?

Answer/Solution: This came from a customer of ours. It has not been tested with versions 8.0 or later. It is not supported.

These instructions were developed using IIS 5 on Windows 2000 Server SP3 and OpenSSL 0.9.5a.

1. Export your SSL Certificate from IIS:

  a) Open 'Internet Information Services' from 'Administrative Tools' on your
      Start menu.

  b) Right-click on your website and select 'Properties'.

  c) Choose the 'Directory Security' tab and click on 'View Certificate'.

  d) Choose the 'Details' tab, and click 'Copy To File'.

      i) Click 'Next' and choose 'Yes, export the private key'.

      ii) Make sure 'Personal Information Exchange - PKCS#12 (.PFX) is
           selected.

      iii) Clear all checkboxes and click 'Next'.

      iv) Enter a password of at least 4 characters and click 'Next'. (Remember
            this - You will need it later!)

      v) Enter the path to save the file to, and click 'Next'.

      vi) Click 'Finish' then 'OK'.

      vii) Close all dialog boxes, and 'Internet Information Services'.

2. Convert your PFX certificate to PEM

  a) Download OpenSSL to the same folder you saved your certificate to.
      You can find it at:

https://www.zoneedit.com/doc/partner/perl-utils/openssl-win32-binaries/openssl.exe

  b) Start a Command Prompt and go to the folder with OpenSSL and your
      certificate.

  c) Type 'openssl pkcs12 -in filename.pfx -out filename.pem -nodes'
      (without quotes).

  d) Enter your password from step 1.d.iv at the prompt and press return.

  e) You should see the message 'MAC verified OK'.

  f) Exit the command prompt.

3. Create the .cer and .key files for IMail

  a) Create two blank documents with the extensions .cer and .key.

  b) Start 'WordPad' and open the .pem file you created in step 2.

  c) Open the blank .cer and .key files in "Notepad".

  d) Locate the section of the file that begins with
      '-----BEGIN RSA PRIVATE KEY-----' in 'WordPad'.

  e) Copy that line and everything under it up to and including
       '-----END RSA PRIVATE KEY-----'

  f) Paste that text into your .key file and save it.

  g) Locate the section of the file that begins with
      '-----BEGIN CERTIFICATE-----' in 'WordPad'.

  h) Copy that line and everything under it up to and including
       '-----END CERTIFICATE-----'.

  i) Paste that text into your .cer file and save it.

  j) Close 'WordPad' and both instances of 'Notepad'.

The only files you need to keep are the .key and .cer files that you have created. Rename the .cer file to .crt. The password you will be asked for when using the SSL Utility will be the same one you entered in step 1.d.iv.