At the moment to generate PFX Certificate, I use openssl and:
- Generate a CSR with its private key
- Connect to my CA website (Microsoft CA), and submit CSR along with (san:dns=) additional attribute.
- From certificate authority I issue the pending certificate (Base 64).
- Convert my private key PKCS8 to PKCS1
- Create a PEM (private key, host cert, intermediate cert, and root cert)
- and FINALLY convert my PEM to PKCS#12 (.pfx file)
This process is quite lengthy and I believe I am wasting lots of time doing so.
Can anyone please let me know what is the faster way to get a certificate chain (pfx) signed from an internal Microsoft CA ?
Best Answer
Right, Well I scripted it then.
I still believe that there is an easier way with certreq and powershell but here is the bash script. Requirements: Cygwin, standard UNIX utilities, clip, openssl
The script :
Note: You have to change the path for Internet Explorer for Win 32bit and have to replace < ServerName > specific tags.