Tuesday, September 20, 2016

Convert to .PFX certificate for Windows if you receive Server certificate (.crt) and Private key(.key)

Good day All,

Welcome back!!! We had a request to apply SSL for a website during the conversation it was suppose to be applied at F5 Load Balancer so the LB team took care of generating the certificate.

Little later client requirement changed and it was decided that SSL should be applied at Windows Web server and not on Load balancer and it should just redirect the traffic to web server.

So the LB team sent me the Certificate file which is .crt and a very confidential file is the .key file which has the private key for the certificate was sent only to authorized people.

Now i had to find a way to merge both so that i can generate a web server certificate with Privatekey embed.

Follow the below steps:

1.Got to following link https://slproweb.com/products/Win32OpenSSL.html and download either 32 bit or 64 depending on the OS



2. Its simple next,next installer and then you will see a folder called C:\OpenSSL-Win64 depending on which version you installed

3. Copy the .cert and .key file to following location C:\OpenSSL-Win64\bin

4.Open a Command Prompt with Administrative rights and change path to C:\OpenSSL-Win64\bin and run command as below in screen shot



Format of Certificate should be pkcs12
Dummy name to export the certificate as PFX
Private key path
Server certificate path
Friendly name
When you hit enter it will ask you set a password, remember that password or make a note if it..
After verifying then you will see that there is a file with .pfx extension generated as below



5. Now open certificate.MMC and import the .pfx and note during the import it will ask for the password you set during Step 4.



Enable the checkbox which says this key as exportable , in case for future use you want to export the certificate from certificate.mmc store.

6. Now open the certificate under personnel store and you will see now that the Server certificate has private key.





Let's assume you want to do vice versa that is you have .PFX certificate and you want to extract Private key(.key) for say Load balancer either F5 or Netscaller then you will have to follow the below steps


Import password is the password for the pfx
Enter Pem pass phrase is just a some password you will have to give

Note: the reason we have to do rsa temp key to private key is that it's observer without rsa command some spaces are in the key which when added to load balancer will through error.



The steps above helped and hopefully this will help someone too!!!!
Until next one all have great day!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

No comments:

Post a Comment