Need help understanding SSL Certs and how to provide PKCS#7 cert to external company
Posted on 2013-11-12
We've been asked to upload "our own private key (which may be PKCS#7 encrypted or bundled via PKCS#12) to a third party company. I have absolutely no idea what I'm doing here so please use my specific examples in your answers because I can't extrapolate out from all the stuff I'm searching on the net.
I went to NetWorkSolutions, our SSL provider and downloaded a .zip. In the .zip are the following files. Just in case it matters, our SSL cert is a wildcard for *.mysite.com.
3. STAR.MYCOMPANY.COM.crt (which I think is my certfile)
I tried using OpenSSL on a Centos 6.3 install and following different examples on the net, but have not ended up with a file that the company accepts as valid. Part of the problem is I'm not sure which of these files is my "Private Key", or if none of these are, where I'd get the private key, what other files need to be attached, etc. I was not the one who originally requested the certificate. Am I just not able to do this without the Private key?
I tried following example to create a PKCS#7 file but when I tried uploading it, I got the message "Private key must be uploaded together with a certificate" which I get no matter what I try.
openssl crl2pkcs7 -nocrl -certfile STAR.MYCOMPANY.COM.crt -out STAR.MYCOMPANY.COM.p7b -certfile NetworkSolutions_CA.crt
This produced STAR.MYCOMPANY.COM.p7b
I started to try
Convert PEM to PFX
$ openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CAcert.crt
but I couldn't figure out which of my files listed above went where for this to work.
Thanks in advance.