Can a pkcs12 file contain multiple certificate chains?

We are able to store one certificate chain in the pkcs12 file. We want to store two certificate chains in one pkcs12 file. Is this possible? If so, can you explain how?
Thanks.

Related

How to generate PEM or x509 compliant certificate from https://www.googleapis.com/oauth2/v3/certs?

Examples using PowerShell use [Security.Cryptography.X509Certificates.X509Certificate2] to sign data. The data present here is in the form of what I believe is a JSON Web Key (JWK).
How do you convert a JWK to a compliant cert that can be used by X509Certificate2?
https://www.googleapis.com/oauth2/v1/certs gives you the X509 certificates in PEM format, but I believe this endpoint is deprecated.

Sign PowerShell Script with Cert from easy-rsa

I apologize if this has been answered elsewhere, but I couldn't find anything that quite fit what I'm trying to do here.
I have a CA set up already on a Linux server, and I use it for creating OpenVPN certs. I want to utilize this existing infrastructure if I can.
What I intend to do is create the signing certificate on my Linux server using easy-rsa, import that into a Server 2012 R2 environment, and sign it from there. After that, I'd import the necessary certs on the servers I'm deploying my scripts to.
Is this possible? Are there limits to the key size? What algorithms can I use? Is EC supported? If so, which curves?
All the literature I've come across talks about creating the CA on a Windows Server, so I'm at a bit of a loss here.
It took 3 years and I asked the same question, and the answer is - Yes!
Requirements: easy-rsa, openssl
Step 1: Generate RSA private key.
openssl genrsa -out MySPC.key
Step 2: Make certificate request.
openssl req -new -key MySPC.key -out MySPC.req
Step 3: Import certificate request to easyrsa.
easyrsa import-req MySPC.req MySPC
Step 4: Sign certificate request, and make SPC certificate.
easyrsa sign-req code-signing MySPC
Step 5: Make PFX.
openssl pkcs12 -export -out MySPC.pfx -inkey MySPC.key -in MySPC.crt -certfile MyCA.crt
Last step: Import PFX file to Windows Keystore.
Import PFX file to Trusted Publishers Certificate Store.
Now you can use this certificate to sign your PowerShell scripts and other executables!

About .p12 certificate and how to extract keys from it

What is the difference between a certificate in a .cer file and one in a .p12 file? Are they just in different formats?
How do I extract the private key and public key from the .p12 file? Can this be done using Java keytool?
Thanks in advance.
You can export from PKCS12 to JKS using Java Keytool.
Please check this link: https://www.tbs-certificates.co.uk/FAQ/en/626.html.
If you want something else, I can provide Java code for getting the certificate and private key from PKCS12.

Certificate issue: KEY or PFX from P7B and CRT

I'm new to certificates, and this is the first time I have bought one.
I generated a CSR file (in IIS) and bought a certificate using the GoDaddy web site. They sent me two files: P7B and CRT. Since I will use the certificate for Azure Web role, I need PFX. How can I create it using only CSR, P7B, and CRT?
Finally I managed to do that. In IIS I selected Complete Certificate Request, installed the CRT certificate, and then used the Export option to save it as PFX.
"Since I will use the certificate for Azure Web role, I need PFX"
Although my target server is Nancy, I'm posting the answer because it's relevant to the process of generating a PFX cert.
A Nancy-based project required a trusted cert. I found procedures to set up a self-signed using a PFX cert (Enabling SSL for Self Hosted Nancy), but it wasn't obvious how to proceed with GoDaddy certs. Digging around, I found an answer at a commercial SSL site.
So I created the CSR using OpenSSL, ordered and fetched my cert package from GoDaddy, and then managed to generate a PFX also using OpenSSL as described below.
As a side note for Nancy, I installed the PFX locally using the following
c:> certutil -importPFX certname.pfx
described here: https://stackoverflow.com/a/33351095/241296
Maybe it's possible to completely bypass local IIS for the Azure PFX requirements.
Create a .pfx/.p12 certificate file using OpenSSL (ssl.com)
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt
Breaking down the command:
openssl – the command for executing OpenSSL
pkcs12 – the file utility for PKCS#12 files in OpenSSL
-export -out certificate.pfx – export and save the PFX file as certificate.pfx
-inkey privateKey.key – use the private key file privateKey.key as the private key to combine with the certificate.
-in certificate.crt – use certificate.crt as the certificate the private key will be combined with.
-certfile more.crt – This is optional, this is if you have any additional certificates you would like to include in the PFX file.
I used the -certfile option to specify the GoDaddy bundle:
openssl pkcs12 -export -out my.pfx -inkey my.key -in my.crt -certfile gd_bundle-g2-g1.crt
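Added example, not part of the original answers: a pre-import check for a PFX built with either openssl pkcs12 -export command on this page (the easy-rsa code-signing one or the GoDaddy bundle one). It confirms that the private key matches the leaf certificate, that the leaf chains to a CA file you already trust, and that the expected extended key usage is present. The helper names make_demo_pfx and check_pfx, the throwaway CA and the password "demo" are constructed for the demo.

```shell
#!/bin/sh
# Added example. make_demo_pfx and check_pfx are hypothetical helper names;
# the CA, leaf certificate and password "demo" are constructed sample data.

make_demo_pfx() (   # $1 = existing directory to write the sample files into
  cd "$1" || exit 1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -subj "/CN=Demo CA" -days 1 2>/dev/null || exit 1
  openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
    -subj "/CN=Demo SPC" 2>/dev/null || exit 1
  printf 'extendedKeyUsage=codeSigning\n' > ext.cnf
  openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -extfile ext.cnf -days 1 -out leaf.crt 2>/dev/null || exit 1
  openssl pkcs12 -export -out demo.pfx -inkey leaf.key -in leaf.crt \
    -certfile ca.crt -passout pass:demo
)

# check_pfx PFX PASS_SOURCE TRUSTED_CA_PEM EKU_TEXT
#   PASS_SOURCE is an openssl pass phrase argument, e.g. env:PFX_PASS.
#   Returns 0 = ok, 1 = unreadable or key/cert mismatch, 2 = chain, 3 = EKU.
check_pfx() (
  t=$(mktemp -d) || exit 1
  trap 'rm -rf "$t"' EXIT
  # Split the container into leaf certificate, bundled CA certs and key.
  openssl pkcs12 -in "$1" -passin "$2" -clcerts -nokeys 2>/dev/null \
    | openssl x509 -out "$t/leaf.pem" 2>/dev/null || exit 1
  openssl pkcs12 -in "$1" -passin "$2" -cacerts -nokeys \
    -out "$t/chain.pem" 2>/dev/null || exit 1
  openssl pkcs12 -in "$1" -passin "$2" -nocerts -nodes \
    -out "$t/key.pem" 2>/dev/null || exit 1
  # 1. The private key must belong to the leaf certificate.
  [ "$(openssl x509 -in "$t/leaf.pem" -noout -pubkey)" = \
    "$(openssl pkey -in "$t/key.pem" -pubout 2>/dev/null)" ] || exit 1
  # 2. The leaf must chain to a CA file obtained out of band; certificates
  #    bundled in the PFX are only offered as untrusted intermediates.
  openssl verify -CAfile "$3" -untrusted "$t/chain.pem" "$t/leaf.pem" \
    >/dev/null 2>&1 || exit 2
  # 3. The leaf must carry the expected extended key usage.
  openssl x509 -in "$t/leaf.pem" -noout -text | grep -q "$4" || exit 3
)

# Stand-alone demo run on the constructed sample.
d=$(mktemp -d) && make_demo_pfx "$d" &&
  check_pfx "$d/demo.pfx" pass:demo "$d/ca.crt" "Code Signing" && echo "PFX ok"
```

For a TLS certificate such as the GoDaddy one, pass "TLS Web Server Authentication" as the last argument and the issuer's root certificate as TRUSTED_CA_PEM.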
You can follow the steps provided on the support for installing SSL certificate.
Extracts from the above link.
Important Note: To export the certificate in .pfx format you need to follow the steps on the same machine from which you have requested the certificate.

How to convert .csr to .cer (or whatever usable on Windows)

I'm trying to figure out how to install .csr certificate under Windows but probably the only way is to convert it to some other format (maybe with openssl) but I have no idea how.
Do you have any suggestion?
CSR file is the Certificate Signing Request. It contains the information which is needed to generate a certificate based on your private key and information about the WebSite.
CER is the certificate itself (which you install into your Web browser). There is basically no way to convert directly from one to another as you need a key to sign the certificate, but what you can do is generate a self-signed certificate (e.g. certificate signed by the same key which was used to generate it):
openssl x509 -req -in server.csr -signkey server.key -out server.crt