Create .cer file from certificate values - ssl

I want to have ssl certificate on my IIS server, so I get on my Mail letter from reg.ru with:
You certificate is presented below: (original language: Ваш сертификат предоставлен ниже)
-----BEGIN CERTIFICATE-----
[values]
-----END CERTIFICATE-----
Root certificate (original language: Корневой сертификат)
-----BEGIN CERTIFICATE-----
[values]
-----END CERTIFICATE-----
Intermediate certificate (original language: Промежуточный сертификат)
-----BEGIN CERTIFICATE-----
[values]
-----END CERTIFICATE-----
Request for a certificate (original language: Запрос на получение сертификата)
-----BEGIN CERTIFICATE REQUEST-----
[values]
-----END CERTIFICATE REQUEST-----
Save the private key on the local computer (original language:Сохраните приватный ключ на локальном компьютере.)
-----BEGIN RSA PRIVATE KEY-----
[values]
-----END RSA PRIVATE KEY-----
But my IIS requires .cer file, what have I to do to get .cer file?

Oh, I find a solution
go here
https://www.sslshopper.com/ssl-converter.html
create pfx file from first certificate, private key, Intermediate certificate and root sertificate
click import in iis server sertificates page and select this file.
(Maybe my problem because of service reg.ru)

Related

Splitting out pem key into CA, Cert and Key

I have been supplied with a signed certificate in .pem format and wanted to know if there was a way to split it into 3 separate files for CA, Cert and Key? I need to ingest this into Vault using IAC and a series of scripts and the method/code we are using requires 3 separate files. Any help would be greatly appreciated.
The format of the key is as follows. I can establish that the first block is the private key but not sure how to establish the other blocks? is there a way using OpenSSL I can determine this?
-----BEGIN RSA PRIVATE KEY-----
----- END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Thanks.

Create a PFX File from GoDaddy Issued Private Key and Wildcard Certificate

I recently purchased a wildcard SSL certificate from GoDaddy and I need to convert it to a pfx file.
First, GoDaddy gave me two text blobs in their web UI, a CSR and Private Key:
CSR:
-----BEGIN CERTIFICATE REQUEST-----
MIICWDCCAUICAQAwFzEVMBMGA1UEAwwMKi5jeW50aGlhLmlvMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcxAT8EtKxb4BSCRYBYcTDt8DgR/Fe/rjBpl
...
Private Key:
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNzEBPwS0rFvgF
IJFgFhxMO3wOBH8V7+uMGmXDx+n3Mzvz9gk0nj/h5kX9RH+M9byS4iCfUZ8rURXQ
...
Next, I downloaded a Zip file containing two crt files and a pem file:
54994fbd90cc1fc8.crt
54994fbd90cc1fc8.pem
gd_bundle-g2-g1.crt
54994fbd90cc1fc8.crt
-----BEGIN CERTIFICATE-----
MIIGiDCCBXCgAwIBAgIIVJlPvZDMH8gwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow
...
54994fbd90cc1fc8.pem
-----BEGIN CERTIFICATE-----
MIIGiDCCBXCgAwIBAgIIVJlPvZDMH8gwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow
...
gd_bundle-g2-g1.crt
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEfTCCA2WgAwIBAgIDG+cVMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYTAlVT
MSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdv
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh
MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE
...
-----END CERTIFICATE-----
I need to generate a pfx file for my cloud provider.
I tried this command:
openssl pkcs12 -export -out cert.pfx -inkey generated-private-key.txt -in 54994fbd90cc1fc8.pem
But I got this error:
unable to load private key
4530953728:error:0909006C:PEM routines:get_name:no start
line:crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY
The file generated-private-key.txt has 400. permissions:
-r--------# 1 david staff 1707 Oct 24 20:12 generated-private-key.txt
How do I generate a pfx file from the files I have? Should I generate my own private key with ssh-keygen and then re-key with a new CSR in the GoDaddy UI?
This turned out to be because the key was in UTF8-BOM instead of UTF8 format.

Comodo Essentials SSL: Vestacp "SSL intermediate chain is not valid"

I'm trying to install Comodo Essential SSL via Vestacp here's that I did. I opened www_example_com.crt and copied the digest and pasted it into SSL Certificate box then opened www_example_com.key used to generate the ssl at the beginning which starts with -----BEGIN PRIVATE KEY----- and pasted the digest into SSL Key box then copied the digest of the other 3 files in this order into one file and copied the whole digest and pasted it into SSL Certificate Authority / Intermediate box but I get SSL intermediate chain is not valid
AddTrustExternalCARoot.crt
USERTrustRSAAddTrustCA.crt
SectigoRSADomainValidationSecureServerCA.crt
Final digest looks like this
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
I checked the certificate and the key and have no issue using https://www.sslshopper.com/certificate-key-matcher.html
I restored a back up so the key file doesn't exist on the server now does it matter? It's the first time I try to install SSL so please assist. Thanks in advance.
The Authority digest must be the content of these files in this order
SectigoRSADomainValidationSecureServerCA.crt
AddTrustExternalCARoot.crt
USERTrustRSAAddTrustCA.crt

How to install a ssl sertificate from diffrent server to my server,

I want to create a website in my IIS server, (website already has ssl certificate).
So i created a site, I have the certificate details which contains certificate, private key , CA certificate (all in one text file).
I havent created a csr request for this, But i need to install this certififcate in my system.
When i followed the steps in complete cerififcate request, first it got added, but when i refresh and came back it was gone.
Please help me how to install certififcate from other server, without creating csr request.?
i have:
1)Certificate:
2)Private key (.key)
3)CA certificate (-ca.crt)
in the text file.
You can do this with just built-in tool certutil.exe which is shipped with every Windows installation.
make sure SSL certificate file and private key file are stored in the same folder and have same name: mycert.cer and mycert.key, for example. Certificate will have .cer file extension, key file will have .key file extension.
run the following command: certutil -mergepfx path\mycert.cer path\mycert.pfx
this command will merge SSL certificate and private key into PFX container. Enter password when prompted.
You need to convert the text file into *.pfx file so that you can import it on IIS
Open the .key via notepad copy the content and save it in a new notepad say abc.txt
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDJl/Dwe2tzd5Z6
L4fWpUDVP6FDE9Tc0ViHlICsopxPumysltLwuLFCsc9gCOOURc6n0ej2XQoBJeuetqTIRZQ3VOlHqcmxdBTaAxw5iQ==
-----END PRIVATE KEY-----
Now open the certificate via notepad copy the content and paste it in the same abc.txt notepad
-----BEGIN CERTIFICATE-----
MIIG5jCCBc6gAwIBAgIQUERflom9AJ4ssjDKLPM3SDANBgkqhkiG9w0BAQsFADBB
bS9jcHMwLwYIKwYBBQUHAgIwIwwhaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBv
SzBJMB8GCCsGAQUFBzABhhNodHRwOi8vdGouc3ltY2QuY29tMCYGCCsGAQUFBzAC
B7MDaIXp7iniBRfFT3MOMm2Bs3Mju2Hwfhrgg7sf96iQzZkzAU6Mxdux
-----END CERTIFICATE-----
Open the -ca.crt via notepad copy the content and paste it in the same abc.txt file (this file will contain intermediate and root certificates)
-----BEGIN CERTIFICATE-----
MIIG5jCCBc6gAwIBAgIQUERflom9AJ4ssjDKLPM3SDANBgkqhkiG9w0BAQsFADBB
bS9jcHMwLwYIKwYBBQUHAgIwIwwhaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBv
SzBJMB8GCCsGAQUFBzABhhNodHRwOi8vdGouc3ltY2QuY29tMCYGCCsGAQUFBzAC
B7MDaIXp7iniBRfFT3MOMm2Bs3Mju2Hwfhrgg7sf96iQzZkzAU6Mxdux
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/
LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7
jVaMaA==
-----END CERTIFICATE-----
At the end, your abc.txt file will have something like this
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDJl/Dwe2tzd5Z6
L4fWpUDVP6FDE9Tc0ViHlICsopxPumysltLwuLFCsc9gCOOURc6n0ej2XQoBJeue
tqTIRZQ3VOlHqcmxdBTaAxw5iQ==
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIG5jCCBc6gAwIBAgIQUERflom9AJ4ssjDKLPM3SDANBgkqhkiG9w0BAQsFADBB
bS9jcHMwLwYIKwYBBQUHAgIwIwwhaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBv
SzBJMB8GCCsGAQUFBzABhhNodHRwOi8vdGouc3ltY2QuY29tMCYGCCsGAQUFBzAC
B7MDaIXp7iniBRfFT3MOMm2Bs3Mju2Hwfhrgg7sf96iQzZkzAU6Mxdux
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIG5jCCBc6gAwIBAgIQUERflom9AJ4ssjDKLPM3SDANBgkqhkiG9w0BAQsFADBB
bS9jcHMwLwYIKwYBBQUHAgIwIwwhaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBv
SzBJMB8GCCsGAQUFBzABhhNodHRwOi8vdGouc3ltY2QuY29tMCYGCCsGAQUFBzAC
B7MDaIXp7iniBRfFT3MOMm2Bs3Mju2Hwfhrgg7sf96iQzZkzAU6Mxdux
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/
LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7
jVaMaA==
-----END CERTIFICATE-----
Download OpenSSL from here
Ones installed copy the abc.txt and paste it in the bin path of OpenSSL (e.g. C:\OpenSSL\bin)
Open the CMD, change directory to the bin folder of OpenSSL and paste the below command in CMD
openssl pkcs12 -export -in abc.txt -out xyz.pfx
give any password
You can use the xyz.pfx to import on IIS by using the same set of password

SSL Intermediate SHA2

I've installed a SSL certificate on my Website, but the intermediate.crt isn't working.
Any SSL Checker (e.g. GeoTrust Checker) told me, that an intermediate key is missing.
On the website a SSL certificate was already in use, only the switch from SHA1 to SHA2 is new.
I use this structure:
-----BEGIN CERTIFICATE-----
(Secondary Intermediate Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Primary Intermediate Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root certificate)
-----END CERTIFICATE-----
Who has an idea to solve this problem?
I solve it.
It was the wrong reference to the intermediate