19

I'm new to the certificates, and this is a first time I bought it.

I generated CSR file (in IIS) and bought certificate using GoDaddy web site. They sent me two files: P7B and CRT. Since I will use the certificate for Azure Web role, I need PFX. How can I create it using only CSR, P7B, and CRT?

Vad
  • 858
  • 2
  • 7
  • 17
  • You can't. The key was generated in IIS and it didn't leave your system. The key still resides somewhere where IIS has stored it. You need to read documentation regarding the whole process to learn how to get your key now and/or merge it with the certificate (in CRT file) to get something usable. – Eugene Mayevski 'Callback Feb 01 '13 at 17:31

3 Answers3

14

Finally I managed to do that. In IIS I selected Complete Certificate Request, installed the CRT certificate, and then used Export option to save it as PFX.

Vad
  • 858
  • 2
  • 7
  • 17
4

Since I will use the certificate for Azure Web role, I need PFX

Although my target server is Nancy, I'm posting the answer because it's relevant to the process of generating a PFX cert.

A Nancy-based project required a trusted cert. I found procedures to setup a self-signed using a PFX cert, Enabling SSL for Self Hosted Nancy, but it wasn't obvious how to proceed with GoDaddy certs. Digging around, I found an answer at a commercial SSL site.

So I created the CSR using OpenSSL, ordered and fetched my cert package from GoDaddy, and then managed to generate a PFX also using OpenSSL as described below.

As a side note for Nancy, I installed the PFX locally using the following

c:> certutil -importPFX certname.pfx

described here @ https://stackoverflow.com/a/33351095/241296

Maybe it's possible to completely bypass local IIS for the Azure PFX requirements.

Create a .pfx/.p12 certificate file using OpenSSL @ ssl.com

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt

Breaking down the command:

  • openssl – the command for executing OpenSSL
  • pkcs12 – the file utility for PKCS#12 files in OpenSSL
  • -export -out certificate.pfx – export and save the PFX file as certificate.pfx
  • -inkey privateKey.key – use the private key file privateKey.key as the private key to combine with the certificate.
  • -in certificate.crt – use certificate.crt as the certificate the private key will be combined with.
  • -certfile more.crt – This is optional, this is if you have any additional certificates you would like to include in the PFX file.

I used the -certfile option to specify the GoDaddy bundle:

openssl pkcs12 -export -out my.pfx -inkey my.key -in my.crt -certfile gd_bundle-g2-g1.crt
bvj
  • 3,294
  • 31
  • 30
  • Where do you get the `.key` file? GoDaddy only gave me a `crt` and a `pem` and a `p7b`. – Richard Barraclough May 04 '22 at 16:42
  • 1
    @RichardBarraclough the `.key` file is usually generated along with the CSR that is subsequently submitted to the authority. Only the CSR is submitted. That key file should be kept in a secure location, and is ideally password encrypted. If you lose the _private_ `.key` file, you'll need to start over. Related [Generate CSR](https://www.godaddy.com/help/apache-generate-csr-certificate-signing-request-5269) – bvj May 06 '22 at 03:23
3

You can follow the steps provided on the support for installing SSL certificate.

Extracts from the above link.

Important Note: : To export the certificate in .pfx format you need to follow the steps on the same machine from which you have requested the certificate.

enter image description here

sudhansu63
  • 6,025
  • 4
  • 39
  • 52