Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Export IIS 7 SSL key and certificate in x509 format?

Posted on 2014-11-13
3
Medium Priority
?
609 Views
Last Modified: 2014-11-14
I have a working SSL certificate installed on a WIndows 2008 R2 (IIS 7.5) server.

I've been asked to export the certificate and key in x509 format.

Can someone provide a step-by-step "for Dummies" recipe for doing that?   I assume that I must first export the certificate to PFX and then convert it?

I understand that I don't understand all the definitions/relationships/formats of PEM, DER, PKCS7, x509, CRT, CER.  While I want to understand it all better, I first need to get the export completed.

Thank you.
0
Comment
Question by:RichardKline
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 24

Assisted Solution

by:Dirk Kotte
Dirk Kotte earned 600 total points
ID: 40441933
X.509 is "the certificate" definition and define which content is included.
PEM, DER, PKCS7, x509, CRT, CER are only file extensions and define how the x.509 cert is stored/encoded.
so the .p12 file (PKCS#12) may contain the password protected private key. but it is also X.509.

the questions at windows IIS should be:
- with or without private key
- DER or base64 coded

mostly the certificates are usable if i save the files as .txt or .test also. because the file header contains the necessary information.

more details:
http://en.wikipedia.org/wiki/X.509
0
 
LVL 64

Accepted Solution

by:
btan earned 1400 total points
ID: 40442131
iis support pfx as it is and the key has to be marked as exportable else it cannot be exported as required. the below is reference on the requirement and steps per se.
https://www.digicert.com/ssl-support/pfx-import-export-iis-7.htm

in fact x.509 should be x.509v3. the other format (such as p12 or pkcs12, pem, der) is not the direct mapping for pfx. there are means to convert them and most are using the s/w called openssl. below are some example.
http://wiki.gandi.net/en/ssl/troubleshoot
https://sslguru.sg/faq/technical-questions/convert-certificates-formats-pem-p7b-pfx-der.html
0
 
LVL 1

Author Closing Comment

by:RichardKline
ID: 40443140
My question could not be answered as simply as I would have liked.     Both answers contain part of the needed information.    btan's showed me the necessary program and command line Thank you.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question