I have .crt file and .key file and I want to use SSL for my web application. I have tried with option "Complete Certificate Request" to import certificate in IIS, but it show certificate imported and actually it is, but when I edit binding, it won't display in selection in IIS.
My certificate does not have private key, I have it separately, in a .key file.
Can you help me to fix this? Is there any way to combine key and certificate?
You need to make p12 (pfx) file from .key and .crt. You can use openssl do make it.
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -name "friendlyname_for_certificate"
Then import certificate.pfx into LocalMachine\My store. It should be available in IIS.
IIS display certificate in selection if certificate has private but my certificate doesn't contain it and I have it in separate file. So I combined both using OpenSSL given below command. It creates new pfx file and we need to import it in IIS and it display that certificate in selection.
openssl pkcs12 -export -in cert.crt -inkey privatekey.key -out mycert.pfx
Related
I need to create a custom certificate for my dynamics portal to use implicit grant flow. I create certificate with command
certbot certonly --manual --preferred-challenge dns
I then create pfx with the openssl command
openssl pkcs12 -export -out bundle.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:SOMEPASSWORDHERE
However I get the error when trying to upload it to the power platform admin centre
The password entered is incorrect or the encryption method used by the
certificate is not supported.
So then tried the following command to create the pfx with triple des using
openssl pkcs12 -export -descert -out bundle.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:SOMEPASSWORDHERE
But am still getting the same error. As far as I can see the certificate meets requirements of:
Signed by a trusted certificate authority.
Exported as a password-protected PFX file.
Contains private key at least 2048 bits long.
Contains all intermediate certificates in the certificate chain.
Must be SHA2 enabled; SHA1 support is being removed from popular browsers.
PFX file must be encrypted with TripleDES encryption. Power Apps portals doesn't support AES-256 encryption
The only thing I can think is the pfx isn't getting encrypted with 3des but looking at the openssl documentation the -descert command should take care of that. Am I missing something here?
I have a trusted certificate chain, a certificate issued by this chain and private key file for this certificate.
I want to create a P12 / PFX for this, so I can put it as client certificate in the windows store:
OpenSsl Pkcs12 -export -nokeys
-certfile mytrustedCertifcates.pem^
-inkey myPrivateKey.Key^
-in myCertificate.crt^
-out myCertificate.P12
Alas, the resulting file contains all trustedCertificates. If I import the P12 in my windows certificate store, I import the complete certificate chain, although they are already in the certificate store.
I also tried options: (from OpenSsl command line utilities, also in -help)
-nocerts don't output certificates.
-clcerts only output client certificates.
Alas, the P12 still contains the complete certificate chain, and importing the P12 imports the complete chain again.
BartonJs gave the answer in a comment (thank you BartonJs!):
leave out the --certfile parameter:
OpenSsl Pkcs12 -export -nokeys
-name some friendly name
-inkey myPrivateKey.Key^
-in myCertificate.crt^
-out myCertificate.P12
nokeys: leaves out the PEM password
name: the friendly name that will appear in column friendly name of the winstore
inkey and in are the input certficate with its private key
out is the name of the file to produce.
After importing it in the windstore (command: certlm.msc), It propertly says:
Issued to:
Issued by:
Expiration date
Intended purposes
Friendly name:
I used openSSL to create a .key and .csr file.
openssl req -new -newkey rsa:2048 -passout pass:myPassword -nodes -out myDomainName.csr -keyout myDomainName.key
I know the .csr file needs to be submitted to the certificate authority, but my asp net core object is expecting a .pfx file as input (I think)... how do I get the .pfx file ?? Do I convert the .key to .pfx somehow?
options.Listen(ipAddress, 443, listenOptions => {
listenOptions.UseHttps("myCertificate.pfx" /* how to get this file? */, password);
});
A csr (Certificate Signing Request) file is used by a Certificate Authority to create an SSL for you, which is the one that you use in your app, there is no conversion from csr to pfx you can do locally.
Note: They do not need your private key for this.
For a free alternative you can use this CA
Yes you can convert certificate csr + key files to pfx on your local machine by using openssl (understanding csr as certificate request and key as certificate private key).
To do so, you need to go into bin directory in openssl (at my machine it is located in c:\Program Files\OpenSSL-Win64\bin), copy there your csr + key files and run these two commands:
First you need to make a crt from csr + key
openssl x509 -req -in certificate.csr -signkey key.pem -out certificate.crt
Next you make pfx from crt + key
openssl pkcs12 -export -in certificate.crt -inkey key.pem -out certificate.pfx
Where key.pem is a file with your private key, and certificate.csr is a file with csr.
Done!
Of course you may want to use different options than defaults for your target key, so in that case please read more about openssl.
I'm sure that this has been asked you several times, but solutions to that cases didn't work for me. So I need your help.
Consider x.root.cer is CA's certificate, x.app.cer is Application's certificate signed by CA's certificate, and x.app.private.pem is Application's private key.
I'm using following command in order to create pfx file (want to include both private key and certificate of application).
openssl pkcs12 -export -in x.app.cer -inkey x.app.private.pem -out x.app.pfx -certfile x.root.cer
Even though I know (can see) that 3 files are there, I'm getting the following error:
unable to load certificates
Can you please help me about this error?
Well, finally I suceeded with this command
openssl pkcs12 -export -in x.app.cer -inkey x.app.private.pem -out x.app.pfx
That means I shouldn't use -certfile parameter.
I am having some serious problems with regards to being able to create a p12 file to place on my windows server.
I have used two different websites to be able to help me work out what i need to do:
http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1
The second website i used was a comment from within the website was the following:
http://arashnorouzi.wordpress.com/2011/06/19/sending-apple-push-notifications-in-asp-net-and-c-–-part-4-apns-sharp-c-wrapper-class/
First of all i create a Certificate signing request.
I then upload this to my app ID which alows me to generate a ape_dev certificate.
I then go to my key chain and navigate to the "keys" i export the .p12 certificate that i just created.
I now have three different files
My p12 file, my development certificate and my certificate signing request.
I then open terminal and i type the following:
$ openssl x509 -in aps_development.cer -inform der -out PushChatCert.pem
This then creates a new pem certificate.
The thing i type is the following
$ openssl pkcs12 -nocerts -out PushChatKey.pem -in PushChatKey.p12
It prompts for the password which i enter, i use the same password as the one when i created the certificates.
After i have done this I'm left with 2 new files both of which are PEM files.
I need to combine both of these PEM files into one p12 file for it to be able to work on my windows server.
I have tried combining it using the following line
openssl pkcs12 -export \
-in aps_developer_identity.pem \
-out aps_developer_identity.p12 \
-inkey APSCertificates.pem
This in fact works and gives me a p12 file.
I then switched back to he raywenderlich website and i typed the following:
$ openssl s_client -connect gateway.sandbox.push.apple.com:2195
-cert PushChatCert.pem -key PushChatKey.pem
It loads but i recieve the following error:
error:num=20:unable to get local issuer certificate
Please does any one know what im doing wrong im so fed up of going round in circles.
When i upload the certificate to the server and put the ad-hoc version off the application on the device im still not receiving any notifications that i am sending
Thanks in advance.
See if this answer helps Creating .pem file for APNS?
In short: openssl pkcs12 -in apns-dev-cert.p12 -out apns-dev-cert.pem -nodes -clcerts
When you first generated your CSR, you did it with a private key. This can be opaque depending on how you did it. What I do is generate the key with openssl and then make the CSR using that key. That key is then the 'in key' when you make the p12.
Here are my steps
The first step is to generate a Certificate Signing Request. This is the same as it would be for any SSL cert. You will need a private key for this.
openssl genrsa -out aps_development.key -passout pass:foobar 2048
Then you can make the CSR using that key you just created
openssl req -new -key aps_development.key -out CertificateSigningRequest.certSigningRequest -subj "/emailAddress=yourAddress#example.com, CN=John Doe, C=US"
From here you will go to developer.apple.com and revoke the current APN cert and make a new one. It will ask for your CSR and when its done it will give you a .cer file.
Convert the .cer file into a DER formatted .pem file (assuming aps_development.cer is the file you got in the download from the Apple developer site).
openssl x509 -in aps_development.cer -inform DER -outform PEM -out aps_development.pem
Convert the .pem to a .p12. You'll note that you are supplying the key file you made at the beginning of step 1. You will need the password you supplied there.
openssl pkcs12 -export -in aps_development.pem -inkey aps_development.key -out aps_development.p12