Running Backup My Org or Clean My Org as HTTPS

Please review this guide to run Backup My org or Clean My Org as HTTPS:


Recommended Option: Using an existing IIS PFX Certificate for use with BackupMyOrg / CleanMyOrg 


  1. Export the certificate from IIS:
    a. Open the IIS Manager
    b. Click on the server name in the left-hand pane
    c. In the middle pane, double-click on "Server Certificates"
    d. Select the certificate you want to export
    e. Click "Export" in the right-hand pane
    f. Follow the wizard to export the certificate as a .pfx file (remember the passphrase you specified to protect the cert)
    Be sure to export the PFX to the BackupMyOrg/CleanMyOrg main folder
    (Note: if you don’t have an export option you may need to re-import the certificate to IIS with the allow export option)
  2. Open the command prompt and navigate to the BackupMyOrg/CleanMyOrg directory and type:
    backupmyorg pfx <passphrase>
    or
    cleanmyorg pfx <passphrase>
    This will save the passphrase as an encrypted string in the MongoDB database.
  3. In the main application directory, edit the config/nodeconfig.json file and make the following modifications:

    Note: If you are using an absolute path in your nodeconfig.json file, be sure to use double backslashes, such as "C:\\BackupMyOrg\\Certificates\certificate.pem" or "C:\\CleanMyOrg\\Certificates\certificate.pem"
    "useHTTPS": true,
      "certs": {
        "certificate": "",
        "key": "",
        "pfx": "<name of your PFX file>"
      },
  4. Restart your CleanMyOrg server app or service, then load https://localhost:8500 or https://yourwebdomain:8500 (for BackupMyOrg) or https://localhost:8000 or https://yourwebdomain:8000 (for Clean My Org) in your browser.



Option 2: Using a key and pem file for use with BackupMyOrg / CleanMyOrg 


  1. Both a certificate and key .pem file are required. (If you need to generate these, you can do so by downloading OpenSSL at https://slproweb.com/download/Win64OpenSSL_Light-3_2_0.msi)
  2. Open a Command Console in Windows
  3. Run the following commands to generate your private key and public certificate:
    openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
    openssl x509 -text -noout -in certificate.pem
  4. Once you have the cert and key files, copy them to your BackupMyOrg or CleanMyOrg main folder
  5. Edit the config/nodeconfig.json file and make the following modifications:
    1. “useHTTPS”: true,
    2. “certificate”: <name of your certificate.pem file>,
      “key”: <name of your key .pem file>
      Note: If you are using an absolute path in your nodeconfig.json file, be sure to use double backslashes, such as "C:\\BackupMyOrg\\Certificates\certificate.pem" or "C:\\CleanMyOrg\\Certificates\certificate.pem"
  6. Restart your CleanMyOrg server app or service, then load https://localhost:8500 or https://yourwebdomain:8500 (for BackupMyOrg) or https://localhost:8000 or https://yourwebdomain:8000 (for Clean My Org) in your browser.


See A "Not Secure" Warning On Your Browser?

 If you have created a self signed certificate, those will always show up as not trusted.

You will need to buy a certificate from a trusted source (such as Verisign) to have a signed certificate from an authority.


Option 3: Convert an existing IIS Certificate into a key/pem for use with BackupMyOrg / CleanMyOrg 


To convert an IIS certificate to a .KEY and .PEM format for use in BackupMyOrg or CleanMyOrg, you can follow these steps:


  1. Export the certificate from IIS:
    a. Open the IIS Manager
    b. Click on the server name in the left-hand pane
    c. In the middle pane, double-click on "Server Certificates"
    d. Select the certificate you want to export
    e. Click "Export" in the right-hand pane
    f. Follow the wizard to export the certificate as a .pfx file (remember the password you specified to protect the cert)
    (Note: if you don’t have an export option you may need to re-import the certificate to IIS with the allow export option)

  2. Convert the .pfx file to a .pem file using OpenSSL:
    a. Install OpenSSL on your computer if it is not already installed (Windows version can be found at: https://slproweb.com/products/Win32OpenSSL.html
    b. Copy the .pfx file to the OpenSSL /bin folder
    c. Open a command prompt or terminal window
    d. Navigate to the openSSL bin directory
    e. Run the following command (changing exported cert name as necessary):

    openssl pkcs12 -in exportedCert.pfx -out yourcert.pem -nodes

    This command will prompt you for the password you used to protect the .pfx file. Enter the password and press Enter. The command will create a .pem file in the same directory as the .pfx file.

  3. Extract the private key from the .pem file using OpenSSL:
    a. Run the following command in the same directory where the .pem file is saved:

    openssl rsa -in yourcert.pem -out yourkey.key

    This command will extract the private key from the .pem file and save it as a separate .key file in the same directory.

  4. Copy the .pem and .key to the application directory and configure config/nodeconfig.json
    a. Copy the new .pem and .key file to your application root directory
    b. Open <application directory>\config\nodeconfig.json
    c. Modify the settings as follows (changing names as necessary):

    "useHTTPS": true,
      "certs": {
        "certificate": "yourcert.pem",
        "key": "yourkey.key"
      },

  5. Restart the BackupMyOrg server and open the browser using https location.