So you are ready to add a signed certificate and private key to your web application. Here's one approach to making that happen.
Note, I'm using a Windows 10 workstation.
For the purpose of this post, we assume you already have a .pfx file from your certificate authority. (.pfx is a binary file. There are other file formats such as .pem, which is base64 encoded. If you have a .pem file, you can convert it to .pfx and then follow these steps.)
- Save the .pfx file on your computer. In my examples below, the pfx file is saved at C:/Users/usernameGoesHere/.ssh
- Next you will need to extract the .key and .cer files from the .pfx:
- Ensure you have openssl installed.
- In this example the openssl.exe executable is installed at /bin/openssl
- From the dir on your workstation where you have the pfx file from your CA (in my example named my-site.com.pfx), run the following command:
echo QUIT | /bin/openssl.exe pkcs12 -in my-site.com.pfx -nocerts -out server.cer.key -nodes
NOTE: If you are using something other than the git bash command line emulator, you might not need the echo QUIT | part, and you can replace /bin/openssl.exe with just openssl.
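NOTE2: We have included the -nodes flag so that the private key is written out unencrypted, with no passphrase protecting it. Anyone who can read server.cer.key can use the key, so restrict access to that file.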
- Note that you now have a server.cer.key file in your directory.
- Next run this command to extract the .cer (the certificate):
echo QUIT | /bin/openssl.exe pkcs12 -in my-site.com.pfx -out server.cer -nokeys -clcerts
NOTE: Same as above: if you aren't using the git bash emulator, you might not need the first bit of the command.
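A check worth running once both files exist, as an added example that is not part of the original post: it confirms that server.cer.key and server.cer carry the same public key and that the key was written without a passphrase. The throwaway .pfx, its password `constructed`, the CN and the function names are assumptions made for the demo; on real data, skip make_sample and pass your own two files.

```bash
# Added example: verify the files produced by the two pkcs12 commands above.

# Exit 0 only when the private key and the certificate hold the same public key.
key_matches_cert() {
  kmc_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  kmc_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$kmc_key" ] && [ "$kmc_key" = "$kmc_crt" ]
}

# Exit 0 when the key file is non-empty and not passphrase-protected (-nodes).
key_is_unencrypted() {
  [ -s "$1" ] && ! grep -q 'ENCRYPTED' "$1"
}

# Constructed sample input: a self-signed pair wrapped in a .pfx, then extracted
# with the same two pkcs12 commands as the post. Prints the working directory.
make_sample() {
  ms_dir=$(mktemp -d) || return 1
  (
    cd "$ms_dir" || exit 1
    # MSYS_NO_PATHCONV stops Git Bash rewriting "/CN=..." as a Windows path.
    MSYS_NO_PATHCONV=1 openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=my-site.example" -keyout orig.key -out orig.cer &&
    openssl pkcs12 -export -inkey orig.key -in orig.cer \
      -out my-site.com.pfx -passout pass:constructed &&
    openssl pkcs12 -in my-site.com.pfx -nocerts -out server.cer.key -nodes \
      -passin pass:constructed &&
    openssl pkcs12 -in my-site.com.pfx -out server.cer -nokeys -clcerts \
      -passin pass:constructed
  ) >/dev/null 2>&1 || return 1
  echo "$ms_dir"
}

sample=$(make_sample) || { echo "openssl sample build failed" >&2; exit 1; }
if key_matches_cert "$sample/server.cer.key" "$sample/server.cer" &&
   key_is_unencrypted "$sample/server.cer.key"; then
  echo "OK: server.cer.key matches server.cer and has no passphrase"
else
  echo "FAIL: key and certificate do not match, or the key is encrypted" >&2
fi
```

key_matches_cert returns 2 when either file cannot be parsed, so a missing or corrupt file is never reported as a match.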