Mar 31, 2018 Specifically, I needed 3 separate files: SSL Certificate File; SSL Certificate Key File (GoDaddy called this the Private Key) SSL Certificate Chain File (GoDaddy called this the CRT File) First, see if your download button is available to the zip for SSL Certificate Keyfile from GoDaddy. Login to GoDaddy. Jun 16, 2018 It can be converted to CRT and KEY files using SSL: openssl pkcs12 -in certfile.pfx-nocerts -out keyfile-encrypted.key. When you enter this command you will be asked to type in the pfx file password in order to extract the key. You will be asked to enter a passphrase for the encrypted key. The key will be stored in keyfile-encrypted.key.
You have a private key file in an openssl format and have received your SSL certificate. You'd like now to create a PKCS12 (or .pfx) to import your certificate in an other software?
Here is the procedure!
On Windows, the OpenSSL command must contain the complete path, for example:
c:openssl-win32binopenssl.exe ..)
You will be asked to define an encryption password for the archive (it is mandatory to be able to import the file in IIS). You may also be asked for the private key password if there is one!
You can now use the file file final_result.p12 in any software that accepts pkcs12! For IIS, rename the file in .pfx, it will be easier.
Alternatively, if you want to generate a PKCS12 from a certificate file (cer/pem), a certificate chain (generally pem or txt), and your private key, you need to use the following command:
When we have multiple servers and we need to use the same SSL certificate, such as in a load-balancer environment or using a wildcard SSL certificates, you will need to transfer the certificates between the servers. Normally, server to server SSL transfer will be easy if it's between servers of the same kind like Linux servers or Windows Servers.
But the process becomes a bit harder when it comes to a Windows to a Linux server. In this case, we need to export the SSL certificates from the Windows server and store to .pfx file. After that, we need to copy this .pfx (PKCS#12/)file to the Linux server and convert that file to an Apache-compatible file format like individual certificate, CA bundle and private key files and use it.
This may also be necessary when you switch hosting companies. I will explain the exact process with step-by-step instructions in this article on how you can successfully use a .pfx certificate from the Windows server on a Linux server running Apache.
Before, starting with our conversion process, let me give you a quick description about the difference between the .pfx and .crt file. Basically, a certificate (.crt file) is a container for the public key. It includes the public key, the server name, some extra information about the server, and a signature computed by a certification authority (CA). While SSL handshaking, the server sends its public key to a client, which actually contains its certificate, with a few other chains of certificates.
In other hands, a .pfx file is a PKCS#12 archive resembling a bag which can contain a lot of objects with optional password protection. Normally, a PKCS#12 archive contains a certificate (possibly with its assorted set of CA certificates) and its corresponding private key.
Let's begin with our conversion process now. Untrusted x11 forwarding setup failed: xauth key data not generated email.
First of all, I've exported my certificate to a .pfx certificate from the Windows server for my domain puebe.com. And I've copied that pfx file to my Linux server using SCP from my local system to the folder '/transfered_certificates/'. You can use FTP, SCP, wget or use any of these methods to transfer the pfx certificate to your Linux server.
# transfered_certificates]# ll
-rw-r--r-- 1 root root 5409 Oct 9 10:02 c667cafbf01ffd7310db952e50eaf2b2.pfx
Our next step is to extract our required certificate, key and CA bundle from this .pfx certificate for the domain puebe.com. We can use OpenSSL command to extract these details from the pfx file. Let's see the commands to extract the required information from this pfx certificate.
We can use this command to extract the certificate details for the domain puebe.com from the pfx file.
This will provide us with our domain certificate file namely puebe.com.crt
with a compatible format which supports in Linux.
We can use this command to extract the key details for the domain puebe.com from the pfx file.
This will provide us with our domain key file namely puebe.com.key
We can use this command to extract the chain of certificate details from the pfx file.
This will provide us with our chain of certificates for our domain puebe.com in the file puebe.com-ca.crt
.
I copied these extracted files to my cert folder under '/etc/pki/tls/certs/'. You can do this if required, but if not then you can directly specify the folder path in the Apache configuration to which you have extracted these files.
After you have converted the .pfx file, you will need to copy the newly created files to the Apache server and edit your Apache configuration file to use them. I've created a Virtual host for my domain under the /etc/httpd/conf.d/ folder to enable SSL and included these extracted files as required. Please see my Virtual host details below:
You can modify the names of the files and paths to match your certificate files:SSLCertificateFile
should be your primary certificate file for your domain name.SSLCertificateKeyFile
should be the key file extracted.SSLCertificateChainFile
should be the intermediate certificate chain file.
Just make sure to run a configuration test and restart the Apache service once you're done with this.
Now you can confirm your domain SSL certificate using any of the SSL checker tools available. Or you can just browse the URL >>https://puebe.com/
. I've verified my SSL installation in the link >>https://www.sslshopper.com/ssl-checker.html#hostname=puebe.com
This is how we can easily transfer certificates from a Windows server to a Linux Distro. I hope this article is informative and useful for you. Please post your valuable comments and suggestions on this.