我需要pfx文件来安装IIS网站上的https。

我有两个单独的文件:证书(。cer或pem)和私钥(.crt),但IIS只接受.pfx文件。

我显然安装了证书,它在证书管理器(mmc)中可用,但当我选择证书导出向导时,我无法选择PFX格式(它是灰色的)

有什么工具可以做到这一点吗?或者c#中有编程的例子吗?


当前回答

您需要使用openssl。

openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt

密钥文件只是一个文本文件,其中包含您的私钥。

如果您有根CA和中间cert,那么也可以使用多个in参数将它们包括在内

openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt -in intermediate.crt -in rootca.crt

如果你有一个捆绑的crt文件,你可以在nginx中使用,你可以把它和cert一起传入:

cat domain.name.crt | tee -a domain.name.bundled.crt
cat intermediate.crt | tee -a domain.name.bundled.crt
cat rootca.crt | tee -a domain.name.bundled.crt
openssl pkcs12 -export -out domain.name.pfx \
  -inkey domain.name.key \
  -in domain.name.bundled.crt 

您可以从这里安装openssl: openssl

其他回答

需要使用makecert工具。

以管理员身份打开命令提示符,输入以下命令:

makecert -sky exchange -r -n "CN=<CertificateName>" -pe -a sha1 -len 2048 -ss My "<CertificateName>.cer"

其中<CertifcateName> =要创建的证书的名称。

然后,您可以通过键入certmgr打开管理控制台的证书管理器管理单元。在开始菜单中,单击个人>证书>,您的证书应该可用。

这是一篇文章。

https://azure.microsoft.com/documentation/articles/cloud-services-certs-create/

微软Pvk2Pfx命令行实用程序似乎有你需要的功能:

Pvk2Pfx (Pvk2Pfx.exe)是一个命令行工具,它将。spc、。cer和。pvk文件中包含的公钥和私钥信息复制到个人信息交换(Personal information Exchange, pfx)文件中。 http://msdn.microsoft.com/en-us/library/windows/hardware/ff550672 (v = vs.85) . aspx

注意:如果你需要/想要/更喜欢c#解决方案,那么你可能会考虑使用http://www.bouncycastle.org/ api。

我从.key和.pem文件创建了.pfx文件。

比如这个openssl pkcs12 -inkey rootCA。输入rootCA。-export -out rootCA.pfx . pem

在大多数情况下,如果您无法将证书导出为PFX(包括私钥),是因为MMC/IIS无法找到/没有访问私钥(用于生成CSR)的权限。以下是我解决这个问题的步骤:

Run MMC as Admin Generate the CSR using MMC. Follow this instructions to make the certificate exportable. Once you get the certificate from the CA (crt + p7b), import them (Personal\Certificates, and Intermediate Certification Authority\Certificates) IMPORTANT: Right-click your new certificate (Personal\Certificates) All Tasks..Manage Private Key, and assign permissions to your account or Everyone (risky!). You can go back to previous permissions once you have finished. Now, right-click the certificate and select All Tasks..Export, and you should be able to export the certificate including the private key as a PFX file, and you can upload it to Azure!

希望这能有所帮助!

你不需要openssl或makecert或任何。你也不需要CA给你的个人密钥。我几乎可以保证,问题是你希望能够使用CA提供的密钥和cer文件,但它们不是基于“IIS方式”。

SSL证书IIS与PFX一劳永逸- SSL和IIS解释- http://rainabba.blogspot.com/2014/03/ssl-certs-for-iis-with-pfx-once-and-for.html

Use IIS "Server Certificates" UI to "Generate Certificate Request" (the details of this request are out of the scope of this article but those details are critical). This will give you a CSR prepped for IIS. You then give that CSR to your CA and ask for a certificate. Then you take the CER/CRT file they give you, go back to IIS, "Complete Certificate Request" in the same place you generated the request. It may ask for a .CER and you might have a .CRT. They are the same thing. Just change the extension or use the . extension drop-down to select your .CRT. Now provide a proper "friendly name" (*.yourdomain.example, yourdomain.example, foo.yourdomain.example, etc..) THIS IS IMPORTANT! This MUST match what you setup the CSR for and what your CA provided you. If you asked for a wildcard, your CA must have approved and generated a wildcard and you must use the same. If your CSR was generated for foo.yourdomain.example, you MUST provide the same at this step.