There are quite a few organizations that have their infrastrucutre running on Windows yet the web presence runs on Apache.  This site once ran on Apache as well but I used my Windows CA to create an SSL certificate for the server.  Someone asked me how to do this and here is how!

On the Linux server open up a terminal and run the following commands.  The first one creates the private key

openssl genrsa -des3 -out mywebserver.key

Next we must validate the key and we can do this with

openssl rsa -noout -in mywebserver.key

Once this is complete we need to create the CSR.  The CSR is what we will generate the private key we will hand to the Windows CA.

openssl req -new -key mywebserver.key -out mywebserver.csr

Again we have to validate this key

openssl -noout -text -in mywebserver.csr

Lastly we can "print" the certificate requset to import into the Windows CA to request the certificate.

openssl req -in mywebserver.csr

Copy the text beginning with (and including) ----BEGIN CERTIFICATE REQUEST---- up to (and again including) ----END CERTIFICATE REQUEST----

You can then browse to your CA at http://servername/certsrv and request the certificate by pasting that text from above as a Base64 Encoded Certificate Request.  Once complete download the certificate to the web server and configure your http.conf and ssl.conf to point to the location of the key and cert.

One thing you may need to do is convert the CER file to what is known as a PEM file.  A PEM file is not widely adopted but you may run into this with some distros.  To convert the file you can use OpenSSL as well with the following command.

openssl x509 -in path/to/your/mywebserver.cer -inform DER -out  path/to/your/mywebserver.pem -outform PEM