How to convert and upload a wildcard SSL certificate chain to Azure Gateway - azure

I have a wildcard SSL certificate chain for *.mydomain.one.
The certificates are PEM files and look like:
Thawte RSA CA 2018.pem
DigiCert Global Root CA.pem
mydomain.one.pem
With the following begin/ending:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
When I want to add a certificate to an Azure Gateway in the listener section, it is required to be in PFX format.
So I tried to convert the files with openssl pkcs12.
openssl pkcs12 -export -nokeys -in mydomain.one.pem -certfile DigiCert_Global_Root_CA.pem -certfile Thawte\ RSA\ CA\ 2018.pem -out mydomain.pfx
When uploading to Azure, it fails because the file has no private key.
I also tried using one of the PEM files as the private key, which fails during the PFX creation.
So my question is whether it's even possible to create a valid PFX file from these PEM files and, if not, where and how to get the private key?

Related

Fail to merge/extract OpenSSL certificates

I have 4 certificates with the following extensions
_com-bundle.pem
_com.der
_com.p7b
_com.pem
In my internal tool I need to add the SSL cert and SSL key.
How can I merge/extract the correct cert and key from the above extensions?
I've tried the command below:
openssl x509 -inform DER -in *_com.pem -outform PEM -out cert.pem
but I received an error that the key file is incorrect.

Unable to Generate .pfx File For Azure App

We are trying to update an SSL certificate in our Azure Web App. According to the Private Certificate Requirements, we need to use triple DES for a private key now. Here are the steps that I'm doing:
Generate private key on my PC using triple DES:
openssl genrsa -des3 -out privatekey.key 2048
Generate csr:
openssl req -new -key privatekey.key -out mycsr.csr
Re-key certificate on Godaddy Portal.
Using new crt-file generate a pfx:
openssl pkcs12 -export -out cert.pfx -inkey privatekey.key -in mycert.crt
Unfortunately, the generated certificate is not accepted by the Azure portal. I'm getting the error message "The password is incorrect, or the certificate is not valid".
Ubuntu 22.04 uses a yescrypt hashing algorithm. Try to generate the pfx on

Get pfx from crt and txt containing private key

I have been struggling for a couple of days and have tried multiple methods but cannot seem to get this to work. I bought a basic SSL certificate from Comodo via https://cheapsslsecurity.com/. I generated the CSR using their free tool (https://cheapsslsecurity.com/ssltools/csr-generator.php), which gave me the certificate request and private key. When I download the certificate I get the following files:
AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
cm_thecompostcrew_com.crt
I need pfx format to upload to Azure as that is where my webapp is hosted. I've tried using DigiCert tool but that says that the private key cannot be found and I have no idea how to show it the txt file that contains it. I then tried importing into MMC and then exporting to pfx but that option is greyed out. Did I do something wrong or am I missing something?
Install openssl on your machine: Windows (http://www.slproweb.com/products/Win32OpenSSL.html) or Linux (apt-get install openssl).
Then
openssl pkcs12 -inkey YOURPRIVATEKEY.pem -in YOURCERT.cert -export -out YOURNEWPFX.pfx
In response to your comment below.
Your private key should look like this. You don't want any extra stuff before or after it in the file. The extension is not important. It's just a text file.
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
You can add the Comodo certs to yours to build YOURCERT.cert.
Make a new file called YOURCERT.cert and put the following in it:
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate:cm_thecompostcrew_com.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: COMODORSAAddTrustCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: COMODORSADomainValidationSecureServerCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: AddTrustExternalCARoot.crt)
-----END CERTIFICATE-----
If you have the certificate in PEM format, and the private key in PEM format, and openssl installed -- and it looks like you have all three, then try:
$ openssl pkcs12 -export -in cert.pem -inkey key.pem -out my.pfx
You can add a password on the command line:
$ openssl pkcs12 -export -in cert.pem -inkey key.pem -out my.pfx -passout pass:mypassword
cf. OpenSSL documentation

SSL = Cannot create certificate for IIS (Cannot create PFX file from KEY+Certificate+RootCa)

I just got 4 files from RapidSSL which I would like to use for IIS Express.
To do this I need to create a PFX file.
I have CSR, KEY, CERTIFICATE, ROOT/CA. Here they are:
CSR => I saved it as CSR.csr
-----BEGIN CERTIFICATE REQUEST-----
... hidden :)
-----END CERTIFICATE REQUEST-----
KEY -> I saved it as key.pem
-----BEGIN RSA PRIVATE KEY-----
... hidden :)
-----END RSA PRIVATE KEY-----
Certificate -> I saved it as cert.cer
-----BEGIN CERTIFICATE-----
... hidden :)
-----END CERTIFICATE-----
Root/CA -> I saved it as CA.cer
-----BEGIN CERTIFICATE-----
... hidden :)
-----END CERTIFICATE-----
I tried this command:
openssl pkcs12 -inkey key.pem -in cert.crt -export -out cert_pfx.pfx
Loading 'screen' into random state - done
No certificate matches private key
I have also tried this command:
openssl pkcs12 -export -out cert_pfx.pfx -inkey key.pem -in cert.crt -certfile CA.crt
The same error here.
What am I doing wrong?
Take a look here: http://support.servertastic.com/convert-pem-to-pfx/
Make sure the Private Key does sign the actual certificate. If it is a RapidSSL it might be worth re-issuing the certificate again to make sure the certificate is correct. You can do this free of charge here: https://products.geotrust.com/orders/orderinformation/authentication.do
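Added example (not part of the original posts): a POSIX shell check for the "No certificate matches private key" situation above. It compares the public key inside the certificate with the one derived from the key file, and only then builds the PFX together with its chain. The key and certificate files are throwaway test material generated by the script; the function names, the example.test name and the PFX_PASS variable are assumptions.

```shell
#!/bin/sh
# Added example. Keys and certificates are throwaway test material generated
# below; function names, *.example.test and PFX_PASS are assumptions.
set -eu

# Public key (PEM) taken from an unencrypted private key, or from a certificate.
pub_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Succeeds only if both files parse and carry the same public key.
key_matches_cert() {
  k=$(pub_of_key "$1") || return 2
  c=$(pub_of_cert "$2") || return 2
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_pfx KEY CERT CHAIN OUT: refuse to build unless KEY belongs to CERT.
# The export password comes from $PFX_PASS, so it never shows up in argv.
make_pfx() {
  key_matches_cert "$1" "$2" || { echo "private key does not match $2" >&2; return 1; }
  openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
    -out "$4" -passout env:PFX_PASS
}

# Number of certificates stored in a PFX (leaf plus chain).
pfx_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# --- constructed test material: a test CA, a leaf it signs, an unrelated key ---
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
export PFX_PASS='demo-only-password'
q() { "$@" >/dev/null 2>&1; }
q openssl genrsa -out "$WORK/ca.key" 2048
q openssl req -x509 -new -key "$WORK/ca.key" -subj "/CN=Demo Test CA" -days 1 -out "$WORK/ca.crt"
q openssl genrsa -out "$WORK/leaf.key" 2048
q openssl genrsa -out "$WORK/other.key" 2048
q openssl req -new -key "$WORK/leaf.key" -subj "/CN=*.example.test" -out "$WORK/leaf.csr"
q openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
  -CAcreateserial -days 1 -out "$WORK/leaf.crt"

make_pfx "$WORK/leaf.key" "$WORK/leaf.crt" "$WORK/ca.crt" "$WORK/good.pfx"
echo "certificates in good.pfx: $(pfx_cert_count "$WORK/good.pfx")"
make_pfx "$WORK/other.key" "$WORK/leaf.crt" "$WORK/ca.crt" "$WORK/bad.pfx" ||
  echo "mismatched key rejected, no PFX written"
```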

Convert certificate in PKCS12 format for tomcat / JKS Keystore

I have following wildcard certificate files from GlobalSign Authority.
root.crt
intermediate.crt
private.key
I want to configure Tomcat HTTPS using the above cert files. I believe Tomcat supports the PKCS12 format.
How do I convert those certificate files to PKCS12 format? Also, how do I import them into the Tomcat keystore, especially the intermediate cert?
Use openssl to create your PKCS12 file
First create a single intcacerts.pem file with your intermediate(s) and CA, pasted one after another (they must be in PEM format).
Then call openssl
openssl pkcs12 -export -in myservercert.pem -inkey private.key -certfile intcacerts.pem -name "aFriendlyName" -out keyandcerts.p12
(myservercert.pem is the server certificate in PEM, intcacerts.pem contains the intermediate(s) and CA as described above, private.key is the private key associated with the server certificate)
The documentation for openssl pkcs12 is here
To convert the generated PKCS12 into a JKS keystore, do something like this
keytool -importkeystore -srckeystore keyandcerts.p12 -srcstoretype PKCS12 -destkeystore myJKS.jks
