Convert Godaddy certificate to .pfx file


First off, you normally generate a certificate request with your private key and then give the request to the CA (Go Daddy in this instance). That way the CA does NOT get their hands on your private key.

If you just asked for a certificate without a certificate request then the CA will have to have generated a private key for you (not really a good idea as this is the key to using your certificate and now the CA has access to it...). If you did this then the CA must supply you with the private key along with any password set on it (if any).

It is also recommended that you get the intermediate certificates between your generated certificate and the CA root certificate. These are useful as some clients will not be able to connect to your server without them being supplied, e.g. the Firefox browser.

So you want to combine the private key, CA supplied public certificate and the CA intermediate certificates into a PFX file to be used by your web server.

The private keys can be in one of two main formats:

  • DER - this is a binary format
  • PEM - this is a text format - it's a base64 version of the DER format with headers and footers around it.

The certificate keys can come in a number of formats but the most likely are:

  • DER - this is a binary format
  • PEM - this is a text format - it's a base64 version of the DER format with headers and footers around it.

The file extensions are not always the best indicators of what the format is. Try viewing them in a text editor to see if it looks like binary or base64 text with headers and footers around them.

The basic command in openssl to generate a PFX file is the pkcs12 command.

You would normally do something like:

openssl pkcs12 -export -out name.pfx xxx

Where "xxx" depends on what you have to supply. If for example you have:

  • key.pem - private key in pem format
  • cert.pem - public key in pem format
  • inter.pem - CA intermediate certificate in pem format

then the whole command will be:

openssl pkcs12 -export -out name.pfx -inkey key.pem -in cert.pem -certfile inter.pem

If you don't want to include the inter.pem just drop the "-certfile inter.pem" argument.

If any of your files are in the DER format you will need to convert them to PEM format first.

For certificates you use the openssl x509 command like this:

openssl x509 -in cert.der -inform der -out cert.pem

Converting private keys will depend on the type of private key, using the openssl rsa or ec commands. The command format is basically the same for converting keys as for certificates, but you use rsa or ec instead of x509.


Maris
Author by

Maris

Updated on July 24, 2022
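
The steps in the answer above (check whether each file is PEM or DER, convert it to PEM, then run openssl pkcs12 -export) written as one shell script. This is an added example, not part of the original answer: the function names and the PFX_PASS variable are assumptions, it uses openssl pkey in place of the rsa/ec commands, and it adds a check that the private key matches the certificate before exporting.

```shell
#!/bin/sh
# Added example; function names and the PFX_PASS variable are hypothetical.

# Print PEM if the file contains a PEM header line, otherwise DER.
detect_format() {
    if grep -q -e '-----BEGIN [A-Z0-9 ]*-----' "$1"; then echo PEM; else echo DER; fi
}

# Write a PEM copy of certificate $1 to $2, whatever its encoding.
cert_to_pem() {
    openssl x509 -in "$1" -inform "$(detect_format "$1")" -out "$2"
}

# Same for a private key; "openssl pkey" covers both RSA and EC keys.
key_to_pem() {
    openssl pkey -in "$1" -inform "$(detect_format "$1")" -out "$2"
}

# Succeed only if certificate $1 and private key $2 hold the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# usage: build_pfx key cert out.pfx [intermediates.pem]
# The intermediates file must already be PEM; it may hold several certificates.
build_pfx() {
    work=$(mktemp -d) || return 1   # private (0700) directory for the key copy
    rc=1
    if key_to_pem "$1" "$work/key.pem" && cert_to_pem "$2" "$work/cert.pem"; then
        if key_matches_cert "$work/cert.pem" "$work/key.pem"; then
            out=$3 inter=${4:-}
            set -- -inkey "$work/key.pem" -in "$work/cert.pem"
            if [ -n "$inter" ]; then set -- "$@" -certfile "$inter"; fi
            # With PFX_PASS exported the export is non-interactive;
            # otherwise openssl prompts for the export password.
            if [ -n "${PFX_PASS:-}" ]; then set -- "$@" -passout env:PFX_PASS; fi
            openssl pkcs12 -export -out "$out" "$@" && rc=0
        else
            echo "private key does not match certificate" >&2
        fi
    fi
    rm -rf "$work"
    return "$rc"
}
```

With the file names from the answer, the call is build_pfx key.pem cert.pem name.pfx inter.pem; a mismatched key stops the export before any .pfx is written.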

Comments

  • Maris
    Maris over 1 year

    I got an ssl certificate from GoDaddy and downloaded the certificate and two text files. I need a pfx file for an Azure Web Service app. Godaddy sent me two .crt files and two text files, one of which is a text titled "generate-private-key.txt". Question 1: is the private key text file valid input as a key file for the OpenSSL pfx file conversion utility? Question 2: Is there any indication in the .crt file name on which file to use as input to the OpenSSL utility?

  • Maris
    Maris almost 5 years
    Clicking on either of the .crt files opens a Certificate window with three tabs. The Details tab has a Copy to File button which renders an export wizard with radio buttons for the various formats:
  • Maris
    Maris almost 5 years
    sorry - continued: the choices are: DER encoded binary X.509; Base-64 encoded X.509; Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B) with an option to include all certificates in the certification path if possible.
  • Maris
    Maris almost 5 years
    continued again (that pesky Enter key) : Two other options are : Personal Information Exchange -PKCS #12 (.PFX) and Microsoft Serialized Certificate Store (.SST). Both of these selections are grayed out. The main issue is that I have a 25 line node.js app that renders a geolocation Google map published as an Azure Web App that works intermittently. Google maps js API requires SSL to work properly. Microsoft docs indicate to use a PFX file to install a cert on a custom domain in Azure App Services. Not being a cert expert I need some clarity on this issue.
  • Shane Powell
    Shane Powell almost 5 years
    If you can bring up the certificate window, then the file is in DER format as Windows doesn't really support PEM very well. Base64 encoded x509 is PEM format.
  • Shane Powell
    Shane Powell almost 5 years
    The options are greyed out because it's a single certificate file and .pfx / .sst are "containers" of certificates. There is no point in converting a single certificate to a container of one. If you did that in the Certificate manager application then those options may light up allowing you to export from the certificate store to a file.