HowTo: Unreal + Windows + CA certificate (not self signed)

These are old archives. They are kept for historic purposes only.
Post Reply
Posts: 1
Joined: Thu Mar 01, 2012 7:48 pm

HowTo: Unreal + Windows + CA certificate (not self signed)

Post by Lycaon » Thu Mar 01, 2012 9:19 pm

I apologize in advance if there's already a topic with this information, but neither Google nor this forum's search function turned up the information I was looking for, and it was actually quite aggravating that no instructions were included with the install on how to use a CA signed certificate, and how to obtain the PEM files if not using makecert.bat. The problem is made worse because of the strict RTFM policy enforced by the developers, so here is some potentially valuable information for those of you running Windows and who are not using a self signed certificate, but rather one from Thawte, Geotrust, etc.

This is assuming you've used IIS to generate your CSR, sent it in, received your CRT file and imported the CRT file into IIS's Server Certificate manager. As far as I know, and have Googled, IIS is about the only way a server admin can easily create a CSR on Windows, so that is what I am going to assume you've used.
  • Install the SSL version of UnrealIRCD.
  • Export your certificate from the IIS Server Certificates icon in IIS. Using certmgr.msc will NOT work. We will assume you saved the file as server.pfx from here on.
  • Copy the server.pfx file to your Unreal3.2 directory.
  • Open up a command prompt, then navigate to your Unreal3.2 directory.
  • Export the public key by running openssl.exe pkcs12 -in server.pfx -clcerts -nokeys -out server.cert.pem It will ask for an import password. This is the password you entered when you exported the pfx. If successful, you should get a "MAC verified OK" response.
  • Export the private key by running openssl.exe pkcs12 -in server.pfx -nocerts -out temp.pem It will ask for the import password, then it will ask you to enter and verify a PEM passphrase. This will create an encrypted PEM file, which Unreal cannot use, so we have one more step.
  • Export an unencrypted PEM from the previous file by running openssl rsa -in temp.pem -out server.key.pem This will ask for the PEM passphrase entered in the last step. If successful, it will export an unencrypted private key file.
You should now have "server.cert.pem" and "server.key.pem" which you can then reference in your set::ssl block in order to use the certificate on your IRCD.

Post Reply