Skip to main content
OCLC Support

Export a Windows certificate

If you are running EZproxy on a Windows server, your server may already have an SSL key that you would like to use with EZproxy.  The following steps provide a way to export an SSL certificate from the Windows certificate store and import it into EZproxy.

EZproxy is unable to directly access the Windows certificate store. Although these steps work in many instances, there is no guarantee that all Windows certificates can be exported and transformed for use with EZproxy.

Throughout this document, references are made to the EZproxy ssl directory. This directory is located inside the directory where EZproxy is installed, if you performed a default installation of EZproxy, this is /usr/local/ezproxy/ssl for Linux or C:\ezproxy\ssl for Windows.

  1. If you are importing a wildcard certificate that matches the base name of your EZproxy server (e.g., your server is ezproxy.yourlib.org and the certificate is for *.yourlib.org), you must edit config.txt and add:
    Option IgnoreWildcardCertificate

    This option warns EZproxy that the wildcard certificate is not in the form that it expects, which would be *ezproxy.yourlibrary.org, in this example.

  2. Go to Start > Run and type "mmc".
  3. Click OK.
  4. Go to Console > Add/Remove Snap-in (this might also appear in File > Add/Remove Snap-in).
  5. Click Add...,
  6. Select the Certificates Snap-in and click Add. Select Computer Account and click Next.
  7. Click Finish. Click to Close the window and then click OK to confirm.
  8. Expand the Personal Certificates accordion and right click on the certificate you purchased.
  9. Select All Tasks > Export to export the private key. Do not select CA certificates.
  10. Specify a password and save the file in the EZproxy ssl directory named iis.pfx.
  11. Download this file into the EZproxy ssl directory:
    openssl.exe

You are now ready to prepare your windows certificate for import.