Friday, October 15, 2021

Convert self-signed SSL certificate's private key from .pfx to .key and .crt

Some time ago I wrote a post on how to use a self-signed SSL certificate in Azure App Service: Use self-signed SSL certificate for web API hosted in Azure App service. In that article we generated a self-signed certificate, exported the private key to a .pfx file and used it in Azure. But what if you use another hosting provider which requires the private key in .key format and the SSL certificate itself in a .crt file? The good news is that it is possible to create .key/.crt files from a .pfx, and in this article I will show how to do that.

We will need the openssl.exe tool, which does the actual work. If you Google it, there are plenty of 3rd-party sites where you may download it. The problem, however, is that there is no guarantee that these are safe download links (i.e. that there won't be malware and viruses). A safer option is to use the openssl.exe which is shipped with the Git client for Windows. I found mine in the following location:

C:\Program Files\Git\usr\bin\openssl.exe

With this tool in order to export SSL certificate from .pfx to .crt we may use the following command:

openssl pkcs12 -in myCert.pfx -clcerts -nokeys -out myCert.crt

and in order to export private key to .key format from .pfx the following:

openssl pkcs12 -in myCert.pfx -nocerts -out myCert-encrypted.key

Here you will need to specify the pfx password and also provide a so-called PEM pass phrase which will protect the .key file, i.e. the private key in .key format will still be encrypted. If you need it in unencrypted format (ensure that it is stored in a safe location in this case) use the following command:

openssl rsa -in myCert-encrypted.key -out myCert-decrypted.key

After that you will be able to use self-signed SSL certificate in .key/.crt format.

If you need the certificate in .pem format you may get it by concatenating the myCert-decrypted.key and myCert.crt files. The resulting .pem file should have the following parts (the first is copied from myCert-decrypted.key and the second from myCert.crt):

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

So if your hosting provider requires .pem file you will be able to use it there.
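As an added example (not part of the original post), this Python sketch builds the .pem described above from the text of myCert-decrypted.key and myCert.crt. It keeps only the PEM blocks, so the "Bag Attributes" text that openssl pkcs12 writes in front of the certificate is dropped, and it refuses a key that is still encrypted. The function names and sample data are assumptions made for illustration; going slightly beyond the case shown above, it also accepts the PKCS#8 "PRIVATE KEY" label that OpenSSL 3.x writes by default.

```python
import re

# One PEM block; the END label must repeat the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
# "RSA PRIVATE KEY" is the form shown above; "PRIVATE KEY" is PKCS#8.
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY"}

# Constructed sample input (placeholder base64, not real key material).
SAMPLE_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nTUlJRXBBSUJBQUtDQVFFQQ==\n"
              "-----END RSA PRIVATE KEY-----\n")
SAMPLE_CRT = ("Bag Attributes\n    localKeyID: 01 00 00 00\n"
              "subject=CN = localhost\nissuer=CN = localhost\n"
              "-----BEGIN CERTIFICATE-----\nTUlJRGF6Q0NBbE9nQXdJQkFnSVU=\n"
              "-----END CERTIFICATE-----\n")


def pem_blocks(text):
    """Return (label, body) pairs; text outside the blocks is ignored."""
    return [(m.group(1), m.group(2).replace("\r\n", "\n"))
            for m in PEM_BLOCK.finditer(text)]


def build_pem_bundle(key_text, crt_text):
    """Return the .pem text: the private key block, then the certificate(s)."""
    keys = pem_blocks(key_text)
    certs = [b for b in pem_blocks(crt_text) if b[0] == "CERTIFICATE"]
    if len(keys) != 1:
        raise ValueError("expected exactly one key block, found %d" % len(keys))
    label, body = keys[0]
    # Encrypted keys: PKCS#8 "ENCRYPTED PRIVATE KEY", or a traditional
    # block that carries a "Proc-Type: 4,ENCRYPTED" header.
    if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
        raise ValueError("private key is still encrypted")
    if label not in KEY_LABELS:
        raise ValueError("unexpected key block: " + label)
    if not certs:
        raise ValueError("no CERTIFICATE block found in the .crt text")
    return "".join("-----BEGIN %s-----\n%s\n-----END %s-----\n" % (lbl, txt, lbl)
                   for lbl, txt in keys + certs)


if __name__ == "__main__":
    print(build_pem_bundle(SAMPLE_KEY, SAMPLE_CRT), end="")
```

Passing myCert-encrypted.key by mistake raises ValueError, so a pass-phrase-protected key does not end up in a bundle the hosting provider cannot load.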
