We Keep Coding

Splitting out pem key into CA, Cert and Key

I have been supplied with a signed certificate in .pem format and wanted to know if there was a way to split it into 3 separate files for CA, Cert and Key? I need to ingest this into Vault using IAC and a series of scripts and the method/code we are using requires 3 separate files. Any help would be greatly appreciated.
The format of the key is as follows. I can establish that the first block is the private key but not sure how to establish the other blocks? is there a way using OpenSSL I can determine this?
-----BEGIN RSA PRIVATE KEY-----
----- END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Thanks.

Create a PFX File from GoDaddy Issued Private Key and Wildcard Certificate

I recently purchased a wildcard SSL certificate from GoDaddy and I need to convert it to a pfx file.
First, GoDaddy gave me two text blobs in their web UI, a CSR and Private Key:
CSR:
-----BEGIN CERTIFICATE REQUEST-----
MIICWDCCAUICAQAwFzEVMBMGA1UEAwwMKi5jeW50aGlhLmlvMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcxAT8EtKxb4BSCRYBYcTDt8DgR/Fe/rjBpl
...
Private Key:
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNzEBPwS0rFvgF
IJFgFhxMO3wOBH8V7+uMGmXDx+n3Mzvz9gk0nj/h5kX9RH+M9byS4iCfUZ8rURXQ
...
Next, I downloaded a Zip file containing two crt files and a pem file:
54994fbd90cc1fc8.crt
54994fbd90cc1fc8.pem
gd_bundle-g2-g1.crt
54994fbd90cc1fc8.crt
-----BEGIN CERTIFICATE-----
MIIGiDCCBXCgAwIBAgIIVJlPvZDMH8gwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow
...
54994fbd90cc1fc8.pem
-----BEGIN CERTIFICATE-----
MIIGiDCCBXCgAwIBAgIIVJlPvZDMH8gwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow
...
gd_bundle-g2-g1.crt
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEfTCCA2WgAwIBAgIDG+cVMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYTAlVT
MSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdv
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh
MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE
...
-----END CERTIFICATE-----
I need to generate a pfx file for my cloud provider.
I tried this command:
openssl pkcs12 -export -out cert.pfx -inkey generated-private-key.txt -in 54994fbd90cc1fc8.pem
But I got this error:
unable to load private key
4530953728:error:0909006C:PEM routines:get_name:no start
line:crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY
The file generated-private-key.txt has 400. permissions:
-r--------# 1 david staff 1707 Oct 24 20:12 generated-private-key.txt
How do I generate a pfx file from the files I have? Should I generate my own private key with ssh-keygen and then re-key with a new CSR in the GoDaddy UI?

This turned out to be because the key was in UTF8-BOM instead of UTF8 format.

Comodo Essentials SSL: Vestacp "SSL intermediate chain is not valid"

I'm trying to install Comodo Essential SSL via Vestacp here's that I did. I opened www_example_com.crt and copied the digest and pasted it into SSL Certificate box then opened www_example_com.key used to generate the ssl at the beginning which starts with -----BEGIN PRIVATE KEY----- and pasted the digest into SSL Key box then copied the digest of the other 3 files in this order into one file and copied the whole digest and pasted it into SSL Certificate Authority / Intermediate box but I get SSL intermediate chain is not valid
AddTrustExternalCARoot.crt
USERTrustRSAAddTrustCA.crt
SectigoRSADomainValidationSecureServerCA.crt
Final digest looks like this
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
I checked the certificate and the key and have no issue using https://www.sslshopper.com/certificate-key-matcher.html
I restored a back up so the key file doesn't exist on the server now does it matter? It's the first time I try to install SSL so please assist. Thanks in advance.

The Authority digest must be the content of these files in this order
SectigoRSADomainValidationSecureServerCA.crt
AddTrustExternalCARoot.crt
USERTrustRSAAddTrustCA.crt

How to install a ssl sertificate from diffrent server to my server,

I want to create a website in my IIS server, (website already has ssl certificate).
So i created a site, I have the certificate details which contains certificate, private key , CA certificate (all in one text file).
I havent created a csr request for this, But i need to install this certififcate in my system.
When i followed the steps in complete cerififcate request, first it got added, but when i refresh and came back it was gone.
Please help me how to install certififcate from other server, without creating csr request.?
i have:
1)Certificate:
2)Private key (.key)
3)CA certificate (-ca.crt)
in the text file.

You can do this with just built-in tool certutil.exe which is shipped with every Windows installation.
make sure SSL certificate file and private key file are stored in the same folder and have same name: mycert.cer and mycert.key, for example. Certificate will have .cer file extension, key file will have .key file extension.
run the following command: certutil -mergepfx path\mycert.cer path\mycert.pfx
this command will merge SSL certificate and private key into PFX container. Enter password when prompted.

You need to convert the text file into *.pfx file so that you can import it on IIS
Open the .key via notepad copy the content and save it in a new notepad say abc.txt
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDJl/Dwe2tzd5Z6
L4fWpUDVP6FDE9Tc0ViHlICsopxPumysltLwuLFCsc9gCOOURc6n0ej2XQoBJeuetqTIRZQ3VOlHqcmxdBTaAxw5iQ==
-----END PRIVATE KEY-----
Now open the certificate via notepad copy the content and paste it in the same abc.txt notepad
-----BEGIN CERTIFICATE-----
MIIG5jCCBc6gAwIBAgIQUERflom9AJ4ssjDKLPM3SDANBgkqhkiG9w0BAQsFADBB
bS9jcHMwLwYIKwYBBQUHAgIwIwwhaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBv
SzBJMB8GCCsGAQUFBzABhhNodHRwOi8vdGouc3ltY2QuY29tMCYGCCsGAQUFBzAC
B7MDaIXp7iniBRfFT3MOMm2Bs3Mju2Hwfhrgg7sf96iQzZkzAU6Mxdux
-----END CERTIFICATE-----
Open the -ca.crt via notepad copy the content and paste it in the same abc.txt file (this file will contain intermediate and root certificates)
-----BEGIN CERTIFICATE-----
MIIG5jCCBc6gAwIBAgIQUERflom9AJ4ssjDKLPM3SDANBgkqhkiG9w0BAQsFADBB
bS9jcHMwLwYIKwYBBQUHAgIwIwwhaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBv
SzBJMB8GCCsGAQUFBzABhhNodHRwOi8vdGouc3ltY2QuY29tMCYGCCsGAQUFBzAC
B7MDaIXp7iniBRfFT3MOMm2Bs3Mju2Hwfhrgg7sf96iQzZkzAU6Mxdux
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/
LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7
jVaMaA==
-----END CERTIFICATE-----
At the end, your abc.txt file will have something like this
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDJl/Dwe2tzd5Z6
L4fWpUDVP6FDE9Tc0ViHlICsopxPumysltLwuLFCsc9gCOOURc6n0ej2XQoBJeue
tqTIRZQ3VOlHqcmxdBTaAxw5iQ==
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIG5jCCBc6gAwIBAgIQUERflom9AJ4ssjDKLPM3SDANBgkqhkiG9w0BAQsFADBB
bS9jcHMwLwYIKwYBBQUHAgIwIwwhaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBv
SzBJMB8GCCsGAQUFBzABhhNodHRwOi8vdGouc3ltY2QuY29tMCYGCCsGAQUFBzAC
B7MDaIXp7iniBRfFT3MOMm2Bs3Mju2Hwfhrgg7sf96iQzZkzAU6Mxdux
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIG5jCCBc6gAwIBAgIQUERflom9AJ4ssjDKLPM3SDANBgkqhkiG9w0BAQsFADBB
bS9jcHMwLwYIKwYBBQUHAgIwIwwhaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBv
SzBJMB8GCCsGAQUFBzABhhNodHRwOi8vdGouc3ltY2QuY29tMCYGCCsGAQUFBzAC
B7MDaIXp7iniBRfFT3MOMm2Bs3Mju2Hwfhrgg7sf96iQzZkzAU6Mxdux
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/
LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7
jVaMaA==
-----END CERTIFICATE-----
Download OpenSSL from here
Ones installed copy the abc.txt and paste it in the bin path of OpenSSL (e.g. C:\OpenSSL\bin)
Open the CMD, change directory to the bin folder of OpenSSL and paste the below command in CMD
openssl pkcs12 -export -in abc.txt -out xyz.pfx
give any password
You can use the xyz.pfx to import on IIS by using the same set of password

SSL Intermediate SHA2

I've installed a SSL certificate on my Website, but the intermediate.crt isn't working.
Any SSL Checker (e.g. GeoTrust Checker) told me, that an intermediate key is missing.
On the website a SSL certificate was already in use, only the switch from SHA1 to SHA2 is new.
I use this structure:
-----BEGIN CERTIFICATE-----
(Secondary Intermediate Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Primary Intermediate Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root certificate)
-----END CERTIFICATE-----
Who has an idea to solve this problem?

I solve it.
It was the wrong reference to the intermediate