I received .crt .pem and .p7b file from GoDaddy to setup SSL. How can I generate a .pfx file from them using openssl
It appears you are after a PKCS#12 file. In this case you should be able to do something like so:
openssl pkcs12 -export -in your.crt -inkey your.pem -out resulting.pfx
options are pretty self-explanatory. Depending on whether your source key is password-protected you might also need to supply that via -passin/-passout values
Related
I have a wildcard ssl certificate chain for *.mydomain.one.
The certificates are pem files and look like:
Thawte RSA CA 2018.pem
DigiCert Global Root CA.pem
mydomain.one.pem
With the following begin/ending:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
When I want to add a certificate to an Azure Gateway in the listener section it requires to be in pfx format.
So I tried to convert the files with openssl pkcs12.
openssl pkcs12 -export -nokeys -in mydomain.one.pem -certfile DigiCert_Global_Root_CA.pem -certfile Thawte\ RSA\ CA\ 2018.pem -out mydomain.pfx
When uploading to Azure it fails because the file has no private key.
I also tried using one of the pem files as private key which fails while the pfx creation.
So my question is if its even possible to create a valid pfx file from this pem files and if not where and how to get the private key?
I am trying to integrate with a 3rd party API using two way SSL authentication. The documention provided by them is for JAVA and I am using NodeJS. I am new to this and really grasping at straw here. In document it is mentioned to generate a self signed certificate and use private key of that certificate with the public cetificate from them to create a PKCS 12 file and use it to call the API.
Below is the excerpt from the documentation to
Create a self signed certificate
keytool -genkey -keyalg RSA -alias <aliasName>-keystore selfsigned.jks -validity <days> -keysize 2048
Import JKS to key store
KeyDBs could be any format PFX, JKS or P12. Listing the certificates from > the Keystores, Go to bin directory of Java library, It should have a Private-> Cert entry in the List of the certificates.
Keytool -list -v -keystore <Keystore Name>
If the KeyDB is not present create a Keydb using the Private key and Public Certificate provided through openSSL.
Create P12 from key
openssl pkcs12 -export -in mycert.crt -inkey <mykey.key> -out mycert.p12 -name tomcat -CAfile <myCA.crt> -caname root –chain
Create JKS from P12
keytool -v -importkeystore -srckeystore <key.p12> -srcstoretype PKCS12 -destkeystore <key.jks> -deststoretype JKS
To Verify: KeyDBs could be any format PFX, JKS or P12. Listing the certificates from the Keystores, Go to bin directory of Java library, It should have a Private-Cert entry in the List of the certificates.
Keytool -list -v -keystore <Keystore Name>
I am facing problem in creating the PKCS 12 file. I created self signed certificate using openssl (provided with git) via below mentioned commmands
Creating request and private key
openssl req -new -newkey rsa:2048 -nodes -keyout privatekey.key -out certificatereq.cer
Creating Certificate using the request and key
openssl x509 -req -days 365 -in certificatereq.cer -signkey privatekey.key -out selfsigned.crt
Upon creation of certificate I used it to create PKCS 12 file as mentioned in documentation above via below mentioned command
openssl pkcs12 -export -in selfsigned.crt -inkey privatekey.key -out outpkcs12file.p12 -name myname -CAfile thirdpartypublic.crt -caname mycaname -chain
but getting the error Error self signed certificate getting chain. I tried by installing the self signed certificate in my system also and getting the same error. If I remove the -chain (not sure what it does, but found few commands without -chain) agrument there is no output in terminal. The third party's certificate is CA signed.
I'm facing an issue in installing SSL certificate in IIS and below are the step before I got the certificate from my CA.
Generated a private key file using OpenSSL with: "openssl genrsa -out key_name.key 2048" command.
Generated .csr file with: "openssl req -out CSR.csr -key key_name.key -new -sha256" command.
Once I generated the CSR file, I provided the same CSR file to CA to get me certificate.
I got the certificate in .p7b format, which I converted to .cer format.
Installed certificate using "Complete certificate request" option in IIS.
Now the problem is that newly installed certificate vanishes from IIS after a refresh. I Googled this issue and understood that, it's happening so because there is no private key associated with certificate. My question is where the private key has gone?? I had created the CSR using the private key in step 1. Secondly, how do I over come this issue, I have to install the certificate anyhow. Please help.
You did not generate the certificate request via IIS Manager. Thus, you should not use IIS to complete the request.
Instead, you need to use OpenSSL to generate a PFX file,
create a pfx file from a .cer and a .pem file
Then you can import it to IIS.
You might read this post for more details,
https://blog.lextudio.com/2015/06/the-whole-story-of-server-certificate-disappears-in-iis-77-588-510-0-after-installing-it-why/
I am trying to use push notifications through my nodejs server deployed in openshift rehat server. I could not find any documentation/discussion to generate apns certificate in openshift.
I tried generating a certificate, but getting an error while generating CSR using this command
openssl genrsa -out sz.key 2048
Error: unable to write 'random state'
e is 65537 (0x10001)
After some googling, I see one option is to use aerogear. But I want to use my own server to handle the notifications.
Is there any other option to generate a certificate in openshift server?
Thanks developercorey for your help. But i still see the error.
Finally generated certificate for my openshift server using this script
openssl x509 -in aps_production.cer -inform DER -out myProdCert.pem
The private key associated with the SSL certificate can be exported from the Keychain Access application on your Mac computer. - mykey.p12
openssl pkcs12 -in mykey.p12 -out myProdKey.pem -nodes -clcerts
openssl s_client -connect gateway.push.apple.com:2195 -cert myProdCert.pem -key myProdKey.pem
Hopefully this will help somebody.
Try this command:
HOME=~/app-root/data/ openssl genrsa -out sz.key 2048
Basically it is trying to write some temp data into your $HOME, but you can't write to that directory, so it won't work, but it does give somewhat of a cryptic error message.
I have following wildcard certificate files from GlobalSign Authority.
root.crt
intermediate.crt
private.key
I want to configure tomcat HTTPS using above cert files. I believe Tomcat support PKCS12 format.
How do i convert those certificate files in PKSC12 format? also how do i import them in tomcat keystore, specially intermediate cert?
Use openssl to create your PKCS12 file
First create a single intcacerts.pem file with your intermediate(s) and CA, pasted one after each other (they must be in PEM format).
Then call openssl
openssl pkcs12 -export -in myservercert.pem -inkey private.key -certfile intcacerts.pem -name "aFriendlyName" -out keyandcerts.p12
(myservercert.pem is the server certificate in PEM, intcacerts.pem contains the intermediate(s) and CA as described above, private.key is the private key associated with the server certificate)
The documentation for openssl pkcs12 is here
To convert the generated PKCS12 into a JKS keystore, do something like this
keytool -importkeystore -srckeystore keyandcerts.p12 -srcstoretype PKCS12 -destkeystore myJKS.jks