I'm trying to create a PFX file for my website hosted on Azure.
I generated mycsr.csr as well as privatekey.key, and from Entrust I received back 3 files: root.crt, Intermediate.crt and ServerCertificate.crt.
I've tried to create my PFX file with the following command
- "C:\Program Files\OpenSSL-Win64\bin\openssl.exe" pkcs12 -export -out myPrivateCert.pfx -inkey PRIVATEKEY.key -in ServerCertificate.crt
This does generate a PFX file but when I try to upload it to Azure it says
- The password is incorrect, or the certificate is not valid
I know I entered the password correctly, so I feel I generated the PFX incorrectly.
I'm new to SSL certificates and I'm not quite sure of the differences between the 3 CRT files I was returned.
Any help is appreciated.
EDIT
I tried merging the 3 CRT files into one chain.pem file such that the ServerCertificate file was first, then Intermediate, then root.
I then tried to generate the PFX file with this command:
- "C:\Program Files\OpenSSL-Win64\bin\openssl.exe" pkcs12 -in chain.pem -inkey PRIVATEKEY.key -export -out myPrivateCert.pfx
Again this PFX file won't upload to Azure.
Best Answer
I followed the steps from @Lacek but it was only part of my problem. The PFX file generated after his steps still wasn't accepted by Azure. Here's the complete solution.
Combine the CRT files (ServerCertificate.crt, then Intermediate.crt, then root.crt) into a single chain.pem file.
Then export this file as a PFX using openssl:
openssl.exe pkcs12 -in chain.pem -inkey PRIVATEKEY.key -export -out myPrivateCert.pfx
Then import this PFX file into MMC (Microsoft Management Console). It is important that when you import it, you check "Mark this key as exportable...".
I'm not an expert in SSL certificates so I'm not sure if all of these steps are necessary, I just know that they worked for me.
I also have no clue about the differences between the PFX file generated by OpenSSL and the PFX file generated by MMC, but clearly there's a difference and Azure prefers the latter.
Hope this helps someone else.
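A pre-upload check for the PFX built in the answer above, as an added example that is not part of the original posts: it confirms that the private key belongs to the server certificate, builds the PFX from the three files in the order described, reads it back with the password, and prints the MAC and encryption algorithms so that a PFX from OpenSSL can be compared with one exported from MMC. The throwaway chain, subject names, passwords and function names are constructed for the demo; the openssl arguments are the same from a Windows command prompt.

```shell
#!/bin/sh
# Added example: file names follow the question; subjects and passwords are constructed.

# Throwaway root -> intermediate -> server chain standing in for the files from the CA.
make_demo_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -set_serial 1 -days 2 -out "$d/Intermediate.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$d/privatekey.key" -out "$d/mycsr.csr" 2>/dev/null
    openssl x509 -req -in "$d/mycsr.csr" -CA "$d/Intermediate.crt" -CAkey "$d/int.key" \
        -set_serial 2 -days 2 -out "$d/ServerCertificate.crt" 2>/dev/null
}

# key_matches_cert KEY CERT: true only if both carry the same public key.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# build_pfx DIR PASSWORD: server certificate first, then intermediate, then root.
# Leave out -passout in real use so openssl prompts instead of taking the password as an argument.
build_pfx() {
    cat "$1/ServerCertificate.crt" "$1/Intermediate.crt" "$1/root.crt" > "$1/chain.pem"
    openssl pkcs12 -export -in "$1/chain.pem" -inkey "$1/privatekey.key" \
        -out "$1/myPrivateCert.pfx" -passout "pass:$2"
}

# pfx_cert_count PFX PASSWORD: certificates inside; fails on a wrong password or bad MAC.
pfx_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# pfx_algorithms PFX PASSWORD: MAC and encryption algorithms, for comparing two PFX files.
pfx_algorithms() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -info -noout 2>&1
}

demo() {
    dir=$(mktemp -d) && make_demo_chain "$dir" &&
    key_matches_cert "$dir/privatekey.key" "$dir/ServerCertificate.crt" &&
    build_pfx "$dir" 'demo-password' &&
    echo "certificates in PFX: $(pfx_cert_count "$dir/myPrivateCert.pfx" 'demo-password')" &&
    pfx_algorithms "$dir/myPrivateCert.pfx" 'demo-password'
    rm -rf "$dir"
}
demo
```

Running `pfx_algorithms` on both the OpenSSL output and the file exported from MMC shows side by side which MAC and encryption settings each tool used.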