Daniel Harris

Coding, The Cloud, and Tech

4. May 2012 21:53
by Daniel Harris
Creating an RSA Private Key for Windows Server 2008 from text using OpenSSL

Recently I had to move a client's website from their old developer's server in the USA to one based here in the UK.

Part of that migration involved getting an SSL certificate set up and working on the new server.

I was provided with the certificate code in the following text format:

-----BEGIN CERTIFICATE-----

xxxxxxx

-----END CERTIFICATE-----

Text in this format can easily be saved from Notepad with a .cer or .crt extension, and it will install on a Windows machine, seemingly without any problems…

However, if you go to IIS and try to assign this certificate, it will not be listed. This is because the second piece, the RSA private key, is missing.

I had this in a second text file in the format:

-----BEGIN RSA PRIVATE KEY-----

xxxxxxx

-----END RSA PRIVATE KEY-----

This is usually generated when you create a certificate signing request (CSR) to send to the issuing authority, and it is stored on the machine the request was generated on.

Since I didn’t generate a request from the server we were migrating from (I simply had two blocks of text), the matching private key was not generated and present on the server. No matter how many formats I saved the RSA key text as, it would not import the private key.

Using OpenSSL to generate a .p12 file

The solution was to generate a .p12 file, using both the RSA private key (text file saved as .key) and the certificate (text file saved as .cer).

I downloaded a Windows version of OpenSSL found here: Win32 OpenSSL v0.9.8r Light

Once installed (I put it in C:\OpenSSL), you need to run the following command on your two files:

openssl pkcs12 -export -in certificate.crt -inkey rsa.key -out fullcertificate.p12

The command prompt should ask you to type in an export password. Choose something secure but remember it, as you will need it when importing the file on your server.

Import the .p12 file into IIS7

Once you have generated the .p12 file, go into IIS7 management and select the server in the tree view on the left, and then follow these steps:

  1. Double click on “Server Certificates”
  2. On the right in the actions pane click “Import”
  3. Click on the “..” button to browse and at the bottom right of the dialog change the dropdown to “*.*”
  4. Browse to the “fullcertificate.p12” file and enter the password for the certificate that you entered into OpenSSL
  5. It’s up to you if you want to enable the certificate to be exported later
  6. Click OK and the certificate should import successfully

You will notice the certificate doesn’t have a name, but you can right click it, choose properties and enter something into the “friendly name” field.

You can now assign this certificate to the site in IIS as you usually would.
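
The checks worth running around the two steps above, as an added PowerShell example that is not part of the original post: it confirms the RSA key and the certificate share a modulus before building the .p12, reads the bundle back, and reports whether the imported certificate carries its private key. It assumes openssl.exe is on PATH, PowerShell is installed on the server, and the IIS import placed the certificate in the Local Computer Personal store; the function names are hypothetical.

```powershell
# Added example, not from the original post. Assumes openssl.exe is on PATH and
# the post's file names; run it from the folder that holds the two text files.
$Cert = 'certificate.crt'
$Key  = 'rsa.key'
$Pfx  = 'fullcertificate.p12'

function Get-Modulus([string[]]$OpenSslArgs) {
    # openssl prints one line "Modulus=<hex>"; non-zero exit means the file did not parse.
    $out = & openssl $OpenSslArgs
    if ($LASTEXITCODE -ne 0) { throw "openssl $($OpenSslArgs -join ' ') failed" }
    return [string]($out | Where-Object { $_ -like 'Modulus=*' })
}

function Test-KeyMatchesCertificate {
    # An RSA key belongs to a certificate only if both carry the same modulus.
    $certModulus = Get-Modulus @('x509', '-noout', '-modulus', '-in', $Cert)
    $keyModulus  = Get-Modulus @('rsa',  '-noout', '-modulus', '-in', $Key)
    return ($certModulus -ne '' -and $certModulus -eq $keyModulus)
}

function Get-ServerCertificateKeyStatus {
    # Call this after the IIS import. HasPrivateKey = False is the situation the
    # post describes: the certificate is installed but its key is not.
    Get-ChildItem Cert:\LocalMachine\My |
        Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
}

if (-not (Test-KeyMatchesCertificate)) {
    throw "$Key is not the private key for $Cert; do not build the .p12 from this pair."
}

# The post's export command. openssl prompts for the export password itself, so
# the password is not written into this script.
& openssl pkcs12 -export -in $Cert -inkey $Key -out $Pfx
if ($LASTEXITCODE -ne 0) { throw 'pkcs12 export failed' }

# Read the bundle back: prompts for the same password and fails on a bad file or password.
& openssl pkcs12 -info -noout -in $Pfx
if ($LASTEXITCODE -ne 0) { throw "$Pfx could not be read back" }
```

The .key text file and the .p12 both contain the private key, so delete them or move them to restricted storage once the import succeeds.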

If you try this and have any problems, or if this post helps you solve your issue then please leave a comment.
