Solved

SSL .pfx

Posted on 2010-09-01
11
964 Views
Last Modified: 2015-01-05
Hi,

I recently requested a SSL certificate from GoDaddy, for use with my ssl website on Forefront. The only problem im having is the .cer needs to be .pfx i assume becouse forefront keeps displaying Invaild private key not installed. However if I go into MMC and try to export .cer to .pfx its grayed out.
0
Comment
Question by:TechLad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +1
11 Comments
 
LVL 5

Assisted Solution

by:WebDOT
WebDOT earned 166 total points
ID: 33578235
the .CER you get from GoDaddy needs to be combined with the original CSR to create the private key.  What GoDaddy sends is essentially a response file to the certificate signing request.  When combined, they create a public/private key pair.

Once you have them combined, then you should be able to export the certificate with the private key as a PFX.
0
 

Author Comment

by:TechLad
ID: 33578648
how would i go on conbining the two files

and also i deleted the respsonse emails from go daddy so do i need to request a new certificate ?
0
 
LVL 5

Expert Comment

by:WebDOT
ID: 33578697
no, you dont need to get a new certificate from GoDaddy.  You had to have created a Certificate Signing Request to send to GoDaddy.  If you used IIS to create a CSR, then go back into IIS manager, and to the website you used to create the CSR.  Click the "Process pending request" button and it will create your private key for you.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:TechLad
ID: 33578982
No such option avaible and everytime I try to import the .cer into IIs 7 it keeps dissapearing
0
 
LVL 78

Expert Comment

by:arnold
ID: 33579516
First you do not import, you need to go through the same process you did to generate the CSR.  There you should now see a different set of options. i.e. create a new CSR or process the certificate.

Did you generate a CSR on the IIS server prior to purchasing the certificate or did Godaddy provide you both the certificate and a private key?

You can use openssl to convert the DER/PEM formated private key and certificate into a pfx/pkcs#12 format which you will be able to import:

http://www.sslshopper.com/article-most-common-openssl-commands.html
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

You can get openssl for windows if you do not have access to a linux/unix box where openssl is likely already installed.

0
 
LVL 78

Accepted Solution

by:
arnold earned 84 total points
ID: 33579526
You can generate CSR on any IIS server since you can then export the key/certificate as a PFX file and then import it on any IIS server.
0
 
LVL 5

Assisted Solution

by:WebDOT
WebDOT earned 166 total points
ID: 33579557
Its a little different in IIS 7.  When you're in the Server Certificates screen of IIS 7, have you clicked on "Complete Certificate Request..." and imported the certificate?

Once that is done, and you see the certificate listed under Server Certificates, then you can either select it and hit Export, then provide it with a path and password to export the file.  Or you can open the Certificates MMC and then computer account, local computer, and look in your personal certificate store, find the certificate and right click, all tasks, export, and then follow the wizard to export it to a PFX.  You MUST select "Yes, export my private key" in order for it to allow the PFX certificate type (as the other types are just the public key).
0
 
LVL 2

Expert Comment

by:aimcitp
ID: 33580425
Delete the certs off of the ISA. Export again from your IIS server.  Re-import to your ISA from an mmc. Follow webDOT's steps.
0
 

Author Comment

by:TechLad
ID: 33580682
I'm having problems doing this I dunno what the problem is but when I click complete certificate request the certificate dissapears as soon as i leave the page
0
 
LVL 78

Expert Comment

by:arnold
ID: 33586441
Once you've done this, when you go through the bindigs to add the https binding, do you have a listed certificate option in the drop down list?
You need to choose it and it should then let you activate the https listener.
0
 
LVL 2

Expert Comment

by:aimcitp
ID: 33588135
Dumb question here but did you specify 443 as the port on the cert request. Arnold is right, when you do bindings for the site, all installed certs should appear- choose the one you imported.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IIS 8.5 WebDav Shared Handler Mappings 6 76
How to fid Policy on particular IP Address 5 71
DNS Forward 4 61
Verifying if VA scan's vulnerabilities are false positives 3 99
Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question