Certificate issue: KEY or PFX from P7B and CRT

19
votes

I'm new to the certificates, and this is a first time I bought it.

I generated CSR file (in IIS) and bought certificate using GoDaddy web site. They sent me two files: P7B and CRT. Since I will use the certificate for Azure Web role, I need PFX. How can I create it using only CSR, P7B, and CRT?

3
certificatessl-certificatex509certificatepfx
You can't. The key was generated in IIS and it didn't leave your system. The key still resides somewhere where IIS has stored it. You need to read documentation regarding the whole process to learn how to get your key now and/or merge it with the certificate (in CRT file) to get something usable.Eugene Mayevski 'Callback

3 Answers

14
votes

Finally I managed to do that. In IIS I selected Complete Certificate Request, installed the CRT certificate, and then used Export option to save it as PFX.

4
votes

Since I will use the certificate for Azure Web role, I need PFX

Although my target server is Nancy, I'm posting the answer because it's relevant to the process of generating a PFX cert.

A Nancy-based project required a trusted cert. I found procedures to setup a self-signed using a PFX cert, Enabling SSL for Self Hosted Nancy, but it wasn't obvious how to proceed with GoDaddy certs. Digging around, I found an answer at a commercial SSL site.

So I created the CSR using OpenSSL, ordered and fetched my cert package from GoDaddy, and then managed to generate a PFX also using OpenSSL as described below.

As a side note for Nancy, I installed the PFX locally using the following

c:> certutil -importPFX certname.pfx

described here @ https://stackoverflow.com/a/33351095/241296

Maybe it's possible to completely bypass local IIS for the Azure PFX requirements.

Create a .pfx/.p12 certificate file using OpenSSL @ ssl.com

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt

Breaking down the command:

  • openssl – the command for executing OpenSSL
  • pkcs12 – the file utility for PKCS#12 files in OpenSSL
  • -export -out certificate.pfx – export and save the PFX file as certificate.pfx
  • -inkey privateKey.key – use the private key file privateKey.key as the private key to combine with the certificate.
  • -in certificate.crt – use certificate.crt as the certificate the private key will be combined with.
  • -certfile more.crt – This is optional, this is if you have any additional certificates you would like to include in the PFX file.

I used the -certfile option to specify the GoDaddy bundle:

openssl pkcs12 -export -out my.pfx -inkey my.key -in my.crt -certfile gd_bundle-g2-g1.crt
3
votes

You can follow the steps provided on the support for installing SSL certificate.

Extracts from the above link.

Important Note: : To export the certificate in .pfx format you need to follow the steps on the same machine from which you have requested the certificate.

enter image description here