Certificate issue: KEY or PFX from P7B and CRT

前端 未结 3 1322
深忆病人
深忆病人 2021-02-12 16:19

I\'m new to the certificates, and this is a first time I bought it.

I generated CSR file (in IIS) and bought certificate using GoDaddy web site. They sent me two files:

相关标签:
3条回答
  • 2021-02-12 16:30

    Since I will use the certificate for Azure Web role, I need PFX

    Although my target server is Nancy, I'm posting the answer because it's relevant to the process of generating a PFX cert.

    A Nancy-based project required a trusted cert. I found procedures to setup a self-signed using a PFX cert, Enabling SSL for Self Hosted Nancy, but it wasn't obvious how to proceed with GoDaddy certs. Digging around, I found an answer at a commercial SSL site.

    So I created the CSR using OpenSSL, ordered and fetched my cert package from GoDaddy, and then managed to generate a PFX also using OpenSSL as described below.

    As a side note for Nancy, I installed the PFX locally using the following

    c:> certutil -importPFX certname.pfx
    

    described here @ https://stackoverflow.com/a/33351095/241296

    Maybe it's possible to completely bypass local IIS for the Azure PFX requirements.


    Create a .pfx/.p12 certificate file using OpenSSL @ ssl.com

    openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt
    

    Breaking down the command:

    • openssl – the command for executing OpenSSL
    • pkcs12 – the file utility for PKCS#12 files in OpenSSL
    • -export -out certificate.pfx – export and save the PFX file as certificate.pfx
    • -inkey privateKey.key – use the private key file privateKey.key as the private key to combine with the certificate.
    • -in certificate.crt – use certificate.crt as the certificate the private key will be combined with.
    • -certfile more.crt – This is optional, this is if you have any additional certificates you would like to include in the PFX file.

    I used the -certfile option to specify the GoDaddy bundle:

    openssl pkcs12 -export -out my.pfx -inkey my.key -in my.crt -certfile gd_bundle-g2-g1.crt
    
    0 讨论(0)
  • 2021-02-12 16:32

    Finally I managed to do that. In IIS I selected Complete Certificate Request, installed the CRT certificate, and then used Export option to save it as PFX.

    0 讨论(0)
  • 2021-02-12 16:32

    You can follow the steps provided on the support for installing SSL certificate.

    Extracts from the above link.

    Important Note: : To export the certificate in .pfx format you need to follow the steps on the same machine from which you have requested the certificate.

    enter image description here

    0 讨论(0)
提交回复
热议问题