SSL Certificate for Azure
Question
I want to set a SSL Certificate to my Azure Website. The CA, Gandi, gave me a .crt file. However, Azure wants a .pfx file with private key.
I must say that I'm not used to deal with SSL Certificates :-/
I searched for some solutions before to post my question here but nothing has worked. One of them was to use openssl to convert my .Crt file, but when I tried those commands, I have an error message which said that the private key can't be identified.
The .crt file doesn't contain the private key ? I only have this .crt file, where can I find that private key?
Thank you for reading my question, and any answers will be appreciated :-)
2 answers
solution1
8 2013-07-21 19:35:18
So first things first. While Gandi generated the certificates for you, it must have asked for a CSR (Certificate Signed Request). If you have generated the CSR using IIS then there is little chance that a Private Key file also was generated for you. Hence, it's always advisable to use tools like OpenSSL to generate the CSR and also the Private Key file which can be used later to create a PFX out of the crt file you have received from the CA. So, the steps to be followed are:
- Generate a CSR and a Private Key file using OpenSSL tool using the below command:
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out myserver.csr
Where myserver can be replaced with any name that you wish for the certificate. This command will then allow you to enter information for generating the CSR. This step is further elaborated here: http://wiki.gandi.net/en/ssl/csr
Next, Pass the CSR and other validation information to Gandi, which will then generate a .crt and a .pem (in case of intermediate certs) for you like you mentioned.
Once you have obtained the certs, first import the intermediate certificate using the mmc (management console). This link can help you with this step: http://blog.amusedia.com/2011/10/setting-up-secure-windows-azure-web.html
Next, using the below OpenSSL command convert the crt file to a pfx file that you can then export.
openssl pkcs12 -export -out name-your-azure-certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.pem
Here, your privateKey.key is the file that you generated in the first step. certificate.crt is your crt file that you recieved from Gandi and the CACert.pem is the pem file Gandi gave you.
The successful execution of the above command should prompt you for a password. Please remember this password as you will need to enter this while uploading the pfx to Azure.
solution2
1 2014-05-03 10:33:21
Use the free DigiCert Certificate Utility - it's a no brainer, you will be up and running in a minute.
Here is the exact procedure to follow: http://www.digicert.com/ssl-certificate-installation-azure-website.htm#import
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.