I got an SSL certificate from GoDaddy and downloaded the certificate and two text files. I need a pfx file for an Azure Web Service app. GoDaddy sent me two .crt files and two text files, one of which is a text file titled "generate-private-key.txt". Question 1: Is the private key text file valid input as a key file for the OpenSSL pfx file conversion utility? Question 2: Is there any indication in the .crt file name of which file to use as input to the OpenSSL utility?
Create the PFX file
In MMC, right-click your certificate (it will have your Common Name value displayed in the Issued To column), and then select Export. Select Next. Select Yes, export the private key. Under Personal Information Exchange..., select Include all certificates in the certification path if possible.
Run the DigiCert® Certificate Utility for Windows (double-click DigiCertUtil). In the Certificate Export wizard, select Yes, export the private key, select pfx file, and then check Include all certificates in the certification path if possible, and finally, click Next. A .pfx file uses the same format as a .
First off, you normally generate a certificate request with your private key and then give the request to the CA (Go Daddy in this instance). That way the CA does NOT get their hands on your private key.
If you just asked for a certificate without a certificate request then the CA will have to have generated a private key for you (not really a good idea as this is the key to using your certificate and now the CA has access to it...). If you did this then the CA must supply you with the private key along with any password set on it (if any).
It is also recommended that you get the intermediate certificates between your generated certificate and the CA root certificate. These are useful as some clients will not be able to connect to your server without them being supplied, e.g. the Firefox browser.
So you want to combine the private key, CA supplied public certificate and the CA intermediate certificates into a PFX file to be used by your web server.
The private keys can be in one of two main formats:
The certificate keys can come in a number of formats but the most likely are:
- DER - this is a binary format
- PEM - this is a text format - it's a base64 version of the DER format with headers and footers around it.
The file extensions are not always the best indicators of what the format is. Try viewing them in a text editor to see if it looks like binary or base64 text with headers and footers around them.
The basic command in openssl to generate a PFX file is the pkcs12 command.
You would normally do something like:
openssl pkcs12 -export -out name.pfx xxx
Where "xxx" depends on what you have to supply. If for example you have:
then the whole command will be:
openssl pkcs12 -export -out name.pfx -inkey key.pem -in cert.pem -certfile inter.pem
If you don't want to include the inter.pem just drop the "-certfile inter.pem" argument.
If any of your files are in the DER format you will need to convert them to PEM format first.
For certificates you use the openssl x509 command like this:
openssl x509 -in cert.der -inform der -out cert.pem
Converting private keys will depend on the type of private key, using the openssl rsa or ec commands. The command format is basically the same for converting keys as for certificates, but you use rsa or ec instead of x509.
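The steps in this answer (look inside each file rather than trusting its extension, convert DER to PEM, then run pkcs12 -export), as an added shell example that is not part of the original answer. The function names are made up for illustration, the check that the key actually belongs to the certificate goes beyond what the answer covers, and the key and intermediate files are assumed to be PEM already.

```shell
#!/bin/sh
# Added example (not from the original answer). File names are the answer's placeholders.

# Print "pem:<LABEL>" (label taken from the BEGIN line), "der" when the first
# byte is 0x30 (an ASN.1 SEQUENCE), or "unknown".
detect_format() {
    label=$(LC_ALL=C sed -n 's/^-----BEGIN \(.*\)-----.*$/\1/p' "$1" | head -n 1)
    if [ -n "$label" ]; then
        echo "pem:$label"
    elif [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ]; then
        echo "der"
    else
        echo "unknown"
    fi
}

# Print the path of a PEM copy of the certificate, converting from DER if needed.
cert_to_pem() {
    case $(detect_format "$1") in
        pem:CERTIFICATE) echo "$1" ;;
        der) openssl x509 -in "$1" -inform der -out "$1.pem" && echo "$1.pem" ;;
        *) echo "not a certificate: $1" >&2; return 1 ;;
    esac
}

# Succeed only if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    [ "$pub" = "$(openssl pkey -in "$2" -pubout)" ]
}

# usage: make_pfx key.pem cert.pem inter.pem name.pfx
make_pfx() {
    case $(detect_format "$1") in
        pem:*"PRIVATE KEY") ;;
        *) echo "key is not a PEM private key: $1" >&2; return 1 ;;
    esac
    cert=$(cert_to_pem "$2") || return 1
    key_matches_cert "$cert" "$1" || { echo "key does not match certificate" >&2; return 1; }
    openssl pkcs12 -export -out "$4" -inkey "$1" -in "$cert" -certfile "$3"
}
```

Running detect_format on each downloaded file shows which one is the certificate and whether the text file really holds a private key, before anything is passed to openssl pkcs12.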