Geek Answers Handbook

Export SSL certificate using private key in windows

I am trying to create an SSL certificate for a domain name.

What I did: Go to IIS Management> Server Certificates and click on Create Request. This created a * .com file with a hash inside it, which I sent to GoDaddy. From GoDaddy I got a zip with two files: * .crt and * .p7b

I exported the certificate to a * .cer file and uploaded it to Azure, but when I try to deploy a cloud project, I get an error:

Certificate with a fingerprint associated with an HTTPS endpoint does not contain a private key

After reading such problems on the Internet, I understand that my * .cer file does not contain a private key. My problem is that no matter how I try to export it to * .PFX, the PFX parameter is always disabled in the Certificate Export Wizard.

Also not sure if this is related, but when I find the full certificate request in IIS and select the certificate I received from GoDaddy. I get an error message:

Cannot find the certificate request associated with this certificate file. The certificate request must be completed on the computer on which the request was created.

+4
source share
2 answers

It turned out to be something completely idiotic, as usual, spoiled by Microsoft. The process of creating a certificate for a domain is that you need to use [Create Certificate Request] in IIS. Then send the created hash to the Authority and use [Full Certificate Request] in IIS, where you will provide the certificate provided to you by the Authority. This will install the certificate in the local IIS

After installing the certificate, you need to right-click on it and export to the * .PFX file. Now the PFX file can be uploaded to Azure or any other hosting ...

The processes could be very simple if Microsoft did not take care to spoil them.

The fact is that when you click [Full Certificate Request], the file open dialog has the * .CER file type, but this is incorrect because you need to provide * .CRT !!! The solution is to change the file type by selecting โ€œAll Filesโ€ *.* And select the * .CRT file provided by the Authority.

+3
source

You will not be able to export from IIS or export to PFX from Certificate Manager unless you run IIS Create Certificate Request and Full Certificate Request on the same machine .

That was my problem. I took these two steps from two different machines.

I had to create a new request (in IIS), go to GoDaddy, reinstall my certificate, upload a new certificate and then execute the request (in IIS).

+5
source

More articles:


All Articles