How to create certificate .cer file?

Solution 1

What you've been given is a Certificate (the public part, signed by a trusted party) and the associated key (the private part). In simple terms it's the private key that allows your app to sign stuff in a way that the remote party can then validate using the public part, the certificate. Your server needs to have both linked together so that protocols like SSL\TLS can work properly.

In your case you have been given a complete pair, not just the Cert. The format you have been given is called PEM and unfortunately Windows Certificate Manager can't import that natively (to the best of my knowledge).

The quickest way I've found to convert it is to install OpenSSL somewhere and convert the file you have to PKCS#12 format using the following command. You will need to break the file you got from the CA into two parts, one containing the certificate block called "certificate.txt" and one containing the private key block called "key.txt":

    openssl pkcs12 -export -out mycertkey.p12 -in certificate.txt -inkey key.txt

Once you have the PKCS#12 format file you can import it into Windows:

  • Open the MMC ( Start -> Run -> MMC.exe ) and then select add\remove snap-in and add in the Certificates snap in.
  • Select "Computer Account" as the context.
  • Right click the "Personal" folder and select the "Tasks>Import"
  • Find the mycertkey.p12 file you created and import the certificate and private key into the Computer's Certificate store.

Once the cert is installed you can now assign it from within IIS (this may vary a bit depending on IIS version)

  • Open your IIS Management Console and right click the domain you want to assign the certificate to.
  • Select Properties
  • Select the "Directory Security" tab, and then "Server Certificates"
  • Follow the Certificates Wizard prompts, selecting Next, then select "Assign Certificate" and then Next again.
  • Find and select the certificate you have just imported and click OK.

That should do it.
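The split, a pair check and the PKCS#12 export as one script. This is an added example, not part of the original answer: it lets OpenSSL re-emit each block, as suggested in the comments below, and refuses to export when the key does not belong to the certificate. The function names, `bundle.pem`, the output directory and the `P12_PASS` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: split a combined PEM file, verify the pair, export PKCS#12.
# Assumed names: split_and_export, pair_matches, P12_PASS (export password).

# pair_matches CERT KEY: succeed only if both carry the same public key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not belong together" >&2
        return 1
    fi
}

# split_and_export BUNDLE OUTDIR
# Writes OUTDIR/certificate.txt, OUTDIR/key.txt and OUTDIR/mycertkey.p12.
split_and_export() {
    bundle=$1
    outdir=$2
    [ -n "${P12_PASS:-}" ] || { echo "set P12_PASS first" >&2; return 2; }
    mkdir -p "$outdir" || return 1
    # key.txt and the .p12 hold the private key: create them owner-only.
    old_umask=$(umask)
    umask 077
    rc=0
    # OpenSSL parses the bundle and re-emits each block, so a block damaged
    # by hand-editing fails here rather than at import time.
    {
        openssl x509 -in "$bundle" -out "$outdir/certificate.txt" &&
        openssl pkey -in "$bundle" -out "$outdir/key.txt" &&
        pair_matches "$outdir/certificate.txt" "$outdir/key.txt" &&
        openssl pkcs12 -export -out "$outdir/mycertkey.p12" \
            -in "$outdir/certificate.txt" -inkey "$outdir/key.txt" \
            -passout env:P12_PASS
    } || rc=$?
    umask "$old_umask"
    return "$rc"
}
```

Call it as `P12_PASS='...' split_and_export bundle.pem out`, then delete `key.txt` once the `.p12` has been imported, since it is an unencrypted copy of the private key.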

Solution 2

This article covers the process of creating a certificate request and installing the certificate once the signing authority (GoDaddy, Thawte, etc.) has issued your certificate.

Admin
Author by

Admin

Updated on September 17, 2022

Comments

  • Admin
    Admin almost 2 years

    I would like to work with certificates and the third-party authority sent me values:

    -----BEGIN CERTIFICATE-----
    [...]Many letters and digits[...]
    -----END CERTIFICATE-----
    
    -----BEGIN RSA PRIVATE KEY-----
    [...]Many letters and digits[...]
    -----END RSA PRIVATE KEY-----
    

    But I need a .cer file to put in my IIS. How can I create this .cer file?

    Thanks in advance for any answers.

  • Admin
    Admin over 14 years
    thanks for your detailed answer, but openssl tells me : Loading 'screen' into random state - done unable to load private key
  • Admin
    Admin over 14 years
    and now, I have a "no certificate matches private key"
  • Helvick
    Helvick over 14 years
    Possibly something got corrupted while splitting the PEM format file. If you try the OpenSSL command using the original file from your CA as both the -in file and -inkey file it should work too. If it can match the pair it will prompt you for a password for the p12 output file.
  • Admin
    Admin over 14 years
    should be that, I've re-exported the file, and it's ok. Thanks a lot for your help
  • Ryan Bolger
    Ryan Bolger over 14 years
    In your openssl command, changing the output filename from mycertkey.p12 to mycertkey.pfx will allow easier import. PFX is a registered file extension in Windows that you can just double click on to start the certificate import wizard.
  • Helvick
    Helvick over 14 years
    @Ryan - I'm pretty sure that will result in the cert\key pair going into the user's cert store - I've always preferred to put certs where I know they belong.
  • Ryan Bolger
    Ryan Bolger over 14 years
    @Helvick Now that you mention it, I think you're right.
  • xameeramir
    xameeramir almost 9 years
    @Helvick - For the sake of breaking file into two, how do you recognize how much part is private key block and how much part is certificate block?
  • Helvick
    Helvick almost 9 years
    In a PEM format file you should be able to use BEGIN CERTIFICATE/BEGIN CERTIFICATE and BEGIN RSA PRIVATE KEY/END RSA PRIVATE KEY to decide but it will be safer to use something like OpenSSL to import the source file and then export the cert(s) and keys separately, that way you get some confidence that they are valid.