Generate a .pfx certificate using OpenSSL

Azure uses .pfx files to bind SSL to your domain. This tutorial shows how to use OpenSSL to generate the .pfx file from a custom SSL certificate that you purchased from a trusted certificate authority.

Prerequisites

To complete this tutorial you need to have completed the following:

  • Mapped a custom DNS name
  • Acquired an SSL certificate from a trusted certificate authority. The file should look similar to this:
    -----BEGIN CERTIFICATE-----
    OptjltB+ao6oOc8af3EirJPmEaUOIp+zVIS0dJmSyOwIR39Bx0RAf1wP/NZhESmp
    ...
    ...
    ...
    k8QDCbHNkqhsOPWv1/RUktkCAwEAAaOCAsAwggK8MB8GA1UdIwQYMBaAFJBY/7Cc
    -----END CERTIFICATE-----
  • Have the private key you used to sign the SSL certificate request. The file should look similar to this:
    -----BEGIN RSA PRIVATE KEY-----
    2LhvvpgEChah/m6P0MSIW4PkSq8IJ375CwZZf+Vz/acckhnrOscMTkHFIUHofTs+
    ...
    ...
    Jq6bM/BWvYlXURIx7bmJSU18yDCCZDugKQFF9pVD/db8O2Q8beowQQRmfFAdexdU
    -----END RSA PRIVATE KEY-----
  • Download OpenSSL from here.

Generate .pfx certificate using OpenSSL

Take the Certificate .txt file and rename the extension to .cer. So if you had a Certificate.txt file, you should now have a Certificate.cer file.

Take the Private Key .txt file and rename the extension to .key. So if you had a PrivateKey.txt file, you should now have a PrivateKey.key file.

Open a Command Prompt inside the bin folder of the OpenSSL Installation and run the following command to generate the .pfx.

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.cer

Breaking down the command:

  • openssl – the command for executing OpenSSL
  • pkcs12 – the file utility for PKCS#12 files in OpenSSL
  • -export -out certificate.pfx – export and save the PFX file as certificate.pfx
  • -inkey privateKey.key – use the private key file privateKey.key as the private key to combine with the certificate.
  • -in certificate.cer – use certificate.cer as the certificate the private key will be combined with.
  • -certfile more.crt – Optional. Use this if you have any additional certificates you would like to include in the PFX file.
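The script below is an added example, not part of the original tutorial: it wraps the export command above with two checks, confirming that the private key belongs to the certificate before exporting and reading the .pfx back with its password afterwards. The function names key_matches_cert and make_pfx, the PFX_PASS variable and the throwaway self-signed pair are assumptions made for the demo; it is written for a POSIX shell, and the openssl options are the same at a Windows Command Prompt.

```shell
#!/bin/sh
# Added example: checks around the tutorial's "openssl pkcs12 -export" step.
set -eu
umask 077   # files created below (keys, .pfx) are readable by this user only

# Succeeds only when private key $1 belongs to certificate $2.
# Both commands print the public key in the same PEM form, so the text must match.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ]
}

# make_pfx KEY CERT OUT (hypothetical helper): export only a matching pair,
# then open the result again to confirm the password and integrity check pass.
# The export password is read from the PFX_PASS environment variable, so it
# never appears in the process list the way a pass:... argument would.
make_pfx() {
    key_matches_cert "$1" "$2" || {
        echo "private key does not match certificate" >&2
        return 1
    }
    openssl pkcs12 -export -out "$3" -inkey "$1" -in "$2" -passout env:PFX_PASS &&
        openssl pkcs12 -in "$3" -passin env:PFX_PASS -noout
}

# Demo on a constructed, throwaway self-signed pair standing in for the CA-issued files.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$work/privateKey.key" -out "$work/certificate.cer" 2>/dev/null
openssl genrsa -out "$work/other.key" 2048 2>/dev/null   # unrelated key
export PFX_PASS="constructed-demo-password"

make_pfx "$work/privateKey.key" "$work/certificate.cer" "$work/certificate.pfx" &&
    echo "certificate.pfx written and verified"
make_pfx "$work/other.key" "$work/certificate.cer" "$work/bad.pfx" ||
    echo "mismatched key rejected, no .pfx written"
```

Without a -passout option, as in the tutorial's command, OpenSSL prompts for the export password interactively; Azure asks for that same password when the .pfx is uploaded.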

The .pfx generation is complete. Now you can use the .pfx file to bind your certificate to your domain in Azure.
