Following on from a previous post: -
Mac
Generate Private Key
openssl genrsa -out ~/macintosh.uk.ibm.com.key 2048
openssl genrsa -out ~/macintosh.uk.ibm.com.key 2048
Create Certificate Service Request
openssl req -new -sha256 -key ~/macintosh.uk.ibm.com.key -out ~/macintosh.uk.ibm.com.csr
Generate Personal Certificate using Certificate Service Request ( on Windows Server 2008 R2 )
certreq.exe -submit -attrib "CertificateTemplate:User" macintosh.uk.ibm.com.csr macintosh.uk.ibm.com.cer
Combine Private Key, Personal Certificate and Certificate Service Request into PKCS12 Export File ( .pfx )
openssl pkcs12 -export -out macintosh.uk.ibm.com.pfx -inkey macintosh.uk.ibm.com.key -in macintosh.uk.ibm.com.cer -certfile macintosh.uk.ibm.com.csr
The .pfx file can then be imported into a browser such as Firefox, which expects an import to (a) include the private key (b) include the personal certificate and (c) have a password set on the import file
openssl pkcs12 -export -out macintosh.uk.ibm.com.pfx -inkey macintosh.uk.ibm.com.key -in macintosh.uk.ibm.com.cer -certfile macintosh.uk.ibm.com.csr
The .pfx file can then be imported into a browser such as Firefox, which expects an import to (a) include the private key (b) include the personal certificate and (c) have a password set on the import file
Windows
Setup Path to OpenSSL Configuration
set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg
Generate Private Key
c:\OpenSSL-Win32\bin\openssl.exe genrsa -out c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.key 2048
Setup Path to OpenSSL Configuration
set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg
Generate Private Key
c:\OpenSSL-Win32\bin\openssl.exe genrsa -out c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.key 2048
Create Certificate Service Request
c:\OpenSSL-Win32\bin\openssl.exe req -new -sha256 -key c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.key -out c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.csr
Generate Personal Certificate using Certificate Service Request ( on Windows Server 2008 R2 )
certreq.exe -submit -attrib "CertificateTemplate:User" c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.csr c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.cer
Combine Private Key, Personal Certificate and Certificate Service Request into PKCS12 Export File ( .pfx )
c:\OpenSSL-Win32\bin\openssl.exe pkcs12 -export -out c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.pfx -inkey c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.key -in c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.cer -certfile c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.csr
- Note; this fails with unable to load certificates - it appears that, with Windows, one does NOT need to provide the CSR, merely the private key and personal certificate
c:\OpenSSL-Win32\bin\openssl.exe pkcs12 -export -out c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.pfx -in c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.cer -inkey c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.key
For the record, on the Mac, I have this version of OpenSSL: -
Generate Personal Certificate using Certificate Service Request ( on Windows Server 2008 R2 )
certreq.exe -submit -attrib "CertificateTemplate:User" c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.csr c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.cer
Combine Private Key, Personal Certificate and Certificate Service Request into PKCS12 Export File ( .pfx )
c:\OpenSSL-Win32\bin\openssl.exe pkcs12 -export -out c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.pfx -inkey c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.key -in c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.cer -certfile c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.csr
- Note; this fails with unable to load certificates - it appears that, with Windows, one does NOT need to provide the CSR, merely the private key and personal certificate
c:\OpenSSL-Win32\bin\openssl.exe pkcs12 -export -out c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.pfx -in c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.cer -inkey c:\Users\Administrator\Desktop\w2k8.uk.ibm.com.key
For the record, on the Mac, I have this version of OpenSSL: -
openssl version
OpenSSL 0.9.8zh 14 Jan 2016
c:\OpenSSL-Win32\bin\openssl.exe version
OpenSSL 1.0.2g 1 Mar 2016
No comments:
Post a Comment