Issuing a MS SSL Cert in PEM Format

HADDADD3
HADDADD3 used Ask the Experts™
on
We recently deployed a Asterix based PBX server. I need to issue the device a SSL CERT, however we issue certs using our MS box.

The PBX server calls for the following:
X.509 Certificate in PEM Format
RSA Private Key in PEM Format
Intermediate CA Certificate in PEM Format

How is it possible to issue these from my Microsoft box certificate authority? Is there a utility to convert them?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
ParanormasticCryptographic Engineer

Commented:
99% of the time you can save the issued certificate in Base64 format (not DER) and just give the file a .pem file extension.  If this is the 1% of the time that this doesn't work let me know and I'll give further instructions on how to do it.

Author

Commented:
The PBX server does not have a signing request, so i am clueless as to how to issue the certificate without a signing request?
Cryptographic Engineer
Commented:
By the sound of things, I figure you have already come across this:
http://www.asterisk.org/doxygen/trunk/Config_sip.html

Sorry, I'm not as familiar with Asterisk specifically, but since they did not go into greater detail on creating the cert, I will assume they expect you to use another program.  A common utility for doing this is OpenSSL - if this is on a Linux box you may already have it installed, else look for the installer for your version.  For windows you can download here:
http://gnuwin32.sourceforge.net/packages/openssl.htm

Note that you can create the private key and certificate signing request file on one machine and get the signed certificate from your CA that way, then move the signed certificate and private key to the server and remove the originals (you don't want extra copies of a private key hanging around on your network - back them up on a flash drive or something for backups).

openssl genrsa -aes256 -out YourSite.Domain.com.key 2048
openssl req -new -key YourSite.Domain.com.key -out YourSite.Domain.com.csr

Open the .csr file in notepad and paste the entire contents into the CSR box like you would other csr files.  To install, copy the .crt file over to the pbx server and follow the instructions for your product, which I assume are in the above link I provided.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial