I am in the process of generating an SSL cert for a domain name.
What I have done: Went to the IIS management > Server Certificates and clicked on Create Request. This generated a *.com file with a hash inside it that I submitted to GoDaddy. From GoDaddy I got back a zip with two files: *.crt and *.p7b.
I exported the certificate to a *.cer file and uploaded it to Azure, but when I try to deploy the cloud project I get an error:
Certificate with thumbprint associated with HTTPS input endpoint does not contain private key
After reading similar issues on the Internet, I understand that my *.cer file doesn't contain the private key. My problem is that no matter how I try to export it to a *.PFX, the PFX option is always disabled in the cert export wizard.
Also not sure if it is related, but when I click on Complete Certificate Request in IIS and select the cert that I got from GoDaddy, I get an error:
Cannot find the certificate request that is associated with this certificate file. A certificate request must be completed on the computer where the request was created.
You can't export the private key alone. If you need to export the private key from either MMC or IIS, you should export the certificate in .pfx (PKCS#12) file format along with the private key. If this is the case, you may ask it is not possible to export a private key file on the Windows platform.
You can use OpenSSL to create a private key and a certificate signing request (CSR) that can be transformed into a certificate after it is signed by a certificate authority (CA).
Windows (IIS) pfx” file that contains the certificate(s) and private key. Open Microsoft Management Console (MMC). In the Console Root expand Certificates (Local Computer). Your server certificate will be located in the Personal or Web Server sub-folder.
If the option "Yes, export the private key" is greyed out when you export this certificate, it means the private key of this certificate cannot be exported after this certificate is enrolled/requested.
You will not have the option of exporting from IIS or exporting to PFX from Certificate Manager if you do not do the IIS "Create Certificate Request" and "Complete Certificate Request" from the same machine.
That was my problem. I did these two steps from two different machines.
I had to create a new request (in IIS), go to GoDaddy, rekey my certificate, download the new certificate, and then complete the request (in IIS).
This turned out to be something completely idiotic, as usual messed up by Microsoft. The process of creating a cert for a domain is that you need to use [Create Certificate Request] in IIS. Then send the created hash to the Authority and use the [Complete Certificate Request] in IIS where you provide the cert given to you by the Authority. This will install the cert into your local IIS.
After the cert is installed you need to right click on it and do an export to a *.PFX file. The PFX file now can be uploaded to Azure or any other hosting...
The processes could have been very simple, if Microsoft didn't make sure to screw it up.
The thing is that when you click on [Complete Certificate Request], the file open dialog has a file type of *.CER, but this is wrong because you need to provide *.CRT!!! The solution is to change the file type select to All Files *.* and choose the *.CRT file provided by the Authority.
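
The OpenSSL route mentioned above, as an added example that is not part of the original posts: the key and CSR are created on one machine, the certificate the CA returns is checked against that key, and both are bundled into a PFX that contains the private key. The file names, the CN, the `PFX_PASSWORD` variable and a PEM-encoded certificate file are assumptions.

```bash
#!/usr/bin/env bash
# Added example: file names, the CN and PFX_PASSWORD are placeholders.
set -eu

# 1. On the machine that will keep the key: create key + CSR. Only the CSR
#    goes to the CA; the private key never leaves this machine.
make_csr() {  # make_csr <key-out> <csr-out> <common-name>
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
      -subj "/CN=$3" 2>/dev/null )
}

# Public key (PEM) embedded in a private key / in a PEM certificate.
pub_of_key()  { openssl pkey -in "$1" -pubout; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey; }

# 2. When the CA returns the certificate: it only pairs with the key the CSR
#    was generated from. A key from another request or machine will not match.
cert_matches_key() {  # cert_matches_key <cert.pem> <key>
  c=$(pub_of_cert "$1") && k=$(pub_of_key "$2") && [ "$c" = "$k" ]
}

# 3. Bundle certificate + key into a PFX. The password is read from the
#    PFX_PASSWORD environment variable so it stays off the command line.
make_pfx() {  # make_pfx <cert.pem> <key> <pfx-out>
  cert_matches_key "$1" "$2" || { echo "certificate does not match key" >&2; return 1; }
  ( umask 077
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout env:PFX_PASSWORD )
}

# Succeeds only if the PFX really carries a private key (what Azure checks for).
pfx_has_private_key() {  # pfx_has_private_key <pfx>
  openssl pkcs12 -in "$1" -nocerts -nodes -passin env:PFX_PASSWORD 2>/dev/null \
    | grep -q 'PRIVATE KEY'
}

# Demo: a self-signed certificate is a constructed stand-in for the CA's reply.
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d); export PFX_PASSWORD=constructed-demo-password
  make_csr "$d/site.key" "$d/site.csr" example.com
  openssl x509 -req -in "$d/site.csr" -signkey "$d/site.key" -days 1 \
    -out "$d/site.crt" 2>/dev/null
  make_pfx "$d/site.crt" "$d/site.key" "$d/site.pfx" \
    && pfx_has_private_key "$d/site.pfx" && echo "PFX contains a private key"
  rm -rf "$d"
fi
```

Run it with the argument `demo` to see the full sequence against throwaway files in a temporary directory.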