1

I used openSSL to create a .key and .csr file. 

openssl req -new -newkey rsa:2048 -passout pass:myPassword -nodes -out myDomainName.csr -keyout myDomainName.key

I know the .csr file needs to be submitted to the certificate authority, but my asp net core object is expecting a .pfx file as input (I think)... how do I get the .pfx file ?? Do I convert the .key to .pfx somehow?

options.Listen(ipAddress, 443, listenOptions => {
  listenOptions.UseHttps("myCertificate.pfx" /* how to get this file? */, password);
});
patrick
  • 16,091
  • 29
  • 100
  • 164

2 Answers2

2

A csr (Certificate Signing Request) file is used by a Certificate Authority to create an SSL for you, which is the one that you use in your app, there is no conversion from csr to pfx you can do locally.

Note: They do not need your private key for this.

For a free alternative you can use this CA

MarkovskI
  • 1,489
  • 2
  • 21
  • 25
  • This answer appears to be incorrect. _For a self signed cert_ I can confirm the other answer by Marcin does generate a certificate using a CSR and private key. – Joshua Enfield Mar 31 '23 at 18:59
  • That defeats the whole purpouse of the CSR, you're just generating a self signed cert and this might mislead people into a false sense of security. Also reffer to the following line in the question: `I know the .csr file needs to be submitted to the certificate authority` – MarkovskI Apr 08 '23 at 15:39
2

Yes you can convert certificate csr + key files to pfx on your local machine by using openssl (understanding csr as certificate request and key as certificate private key).

To do so, you need to go into bin directory in openssl (at my machine it is located in c:\Program Files\OpenSSL-Win64\bin), copy there your csr + key files and run these two commands:

  1. First you need to make a crt from csr + key

    openssl x509 -req -in certificate.csr -signkey key.pem -out certificate.crt

  2. Next you make pfx from crt + key

    openssl pkcs12 -export -in certificate.crt -inkey key.pem -out certificate.pfx

Where key.pem is a file with your private key, and certificate.csr is a file with csr.

Done!

Of course you may want to use different options than defaults for your target key, so in that case please read more about openssl.

Marcin
  • 479
  • 6
  • 11
  • Note if running this one windows with GitBash that the terminal may hang on the second step because of an I/O issue with gitbash and windows. You can add `-passout pass:password123` as one option to get around this https://stackoverflow.com/a/38202633/299408 – Joshua Enfield Mar 31 '23 at 19:09