A little bit of context:
I used to generate CSRs from IIS "Create certificate request", import that in my provider (GoDaddy) and get a .crt in return. Then I used to go again to IIS to "Complete certificate request" and generate the .pfx.
I want to automate this process as much as possible including importing the CSR to GoDaddy and downloading the .crt file.
Right now I was able to automate the CSR creation with certreq.exe but not sure how to complete the request using PowerShell to create the .pfx when I have the .crt file from GoDaddy. I know I can do it with openssl but I'm missing the private key.
I think when I create the CSR request with certreq.exe, it generates the .pfx on "MMC > Certificate Enrollment Requests" which has the private key so I was wondering if every time I request the CSR, I have to export that .pfx and with openssl extract the private key to use it with my .crt file from GoDaddy?
Hopefully I was able to explain correctly what I'm trying to accomplish and somebody can help me with this.
Related
I'm having trouble understanding how to get/generate a private key for some certificates I requested.
I've created a CSR using the DigiCert Certificate Utility for Windows, which gave me a csr.txt file as an output but no .key file.
Then I proceeded to request the certificates by inserting the above mentioned CSR in the Certificate Management portal of my company.
Now I have received the p7b files and the related CSRs, but no private keys: is it possible to generate it now?
Thanks in advance,
Tommaso
Use the import function of the DigiCert Certificate Utility for Windows. The key is stored on software in the machine where the CSR was created. After the import the key and the certificate are associated and should be in the Windows certificate store. If the key was generated with the exportable flag, you can export a PKCS#12 and convert that to a key file using OpenSSL.
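The same procedure for a CSR created with certreq.exe or IIS, as in the first question, written as an added PowerShell example that is not part of the original posts. The parameter names are assumptions, and it presumes the script runs on the machine that generated the CSR and that the key was created as exportable.

```powershell
# Added example: pair an issued certificate with the private key that was
# created alongside the CSR, then export both as a PFX (PKCS#12).
# Parameter names are assumptions made for this example.
param(
    [Parameter(Mandatory)] [string] $IssuedCertPath,  # .crt/.cer returned by the CA
    [Parameter(Mandatory)] [string] $PfxPath,         # where to write the .pfx
    [switch] $Machine                                 # request was created in machine context (e.g. by IIS)
)

$ErrorActionPreference = 'Stop'

# Read the thumbprint from the issued file so the certificate can be found
# in the store after it has been installed.
$issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    (Resolve-Path $IssuedCertPath).Path

# Install the certificate against the pending request. This only works where
# the CSR was generated, because the private key never left that machine.
if ($Machine) { certreq.exe -accept -machine $IssuedCertPath }
else          { certreq.exe -accept $IssuedCertPath }
if ($LASTEXITCODE -ne 0) {
    throw "certreq -accept failed (exit code $LASTEXITCODE). Was the CSR created on this machine and in this context?"
}

# Locate the installed certificate and confirm a key is attached to it.
$cert = Get-ChildItem Cert:\LocalMachine\My, Cert:\CurrentUser\My |
    Where-Object { $_.Thumbprint -eq $issued.Thumbprint } |
    Select-Object -First 1
if (-not $cert) { throw "Certificate $($issued.Thumbprint) was not found in the Personal store." }
if (-not $cert.HasPrivateKey) {
    throw "Certificate is installed but has no private key; the CSR was generated elsewhere."
}

# Export certificate and key. This fails if the key was not marked
# exportable when the CSR was generated.
$password = Read-Host 'Password to protect the PFX' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $password | Out-Null
Write-Host "Wrote $PfxPath for thumbprint $($cert.Thumbprint)"

# If a separate key file is needed, OpenSSL (installed separately) can extract it:
#   openssl pkcs12 -in <file.pfx> -nocerts -out <file.key>
```

The PFX and any extracted key file contain the private key, so store them with restrictive permissions and delete working copies once the certificate is deployed.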
A CSR was created through certreq and is not showing in the Certificate Enrollment Request store causing inability to complete the certificate. I have tried importing the CSR into the Certificate Enrollment Request Store and get the file type is not recognizable. Any suggestion on how to get the CSR into that folder would be appreciated.
I ONLY have .crt file with me which I purchased from Comodo. No private key or anything. How can I use this to sign my code and get rid of "publisher unknown" issue in my installer. I have used Inno-Setup for creating the installer too. Code is in C Sharp. I tried to use sign tool and openssl but I don't have any other file than this user.crt file. I just can get .cer format using .crt and that's all. Appreciate any help.
Usually, you need to sign the application from the PC where you registered the Comodo certificate. The private key is saved by your browser in the local storage.
You cannot sign files with a public key only.
You need the private key.
If it were possible to sign files with a public key only, anyone could sign malicious content with your public key.
I have created the .pvk and .cer files using the makecert.exe (on commandline) as per - https://msdn.microsoft.com/en-in/library/ff699202.aspx
In my folder the .pvk and .cer files are available. However, when I run the pvk2pfx utility, the .pfx is not created; instead I get a prompt for how to use the utility.
Attached is the screenshot of the cmd prompt. I've also tried it at the MSVC bin folder and the behavior is the same.
Kindly help.
makecert and pvk2pfx - Command Screen Shot
You need a code signing certificate with a private key. Generate a request, send it to the CA, buy the code signing certificate, place the certificate into the certificate store and use signtool. Specify the thumbprint of the code signing certificate when using signtool.
More info can be found here.
Documentation on signtool can be found here.
I purchased a wildcard certificate from GoDaddy and I want to associate this certificate with a website on AppHarbor.
AppHarbor only allows me to upload a PFX certificate. So, how do I convert a .CRT to a .PFX?
If the content of the .CRT file is a base-64 encoded certificate and it starts with BEGIN CERTIFICATE, you can dispense with the .pfx file and use the keypair certificate entry method on AppHarbor.
PFX is the private information exchange format (Windows calls them like this) and is actually the PKCS12 keystore.
All you have to do is import the certificate in your keystore that already has your private key and use that. You don't need to transform the certificate.