{"id":642,"date":"2006-11-16T15:01:34","date_gmt":"2006-11-16T23:01:34","guid":{"rendered":"\/?p=642"},"modified":"2006-11-16T16:00:48","modified_gmt":"2006-11-17T00:00:48","slug":"converting-openssl-pem-certificates-and-keys-into-a-pfx-format-for-iis","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=642","title":{"rendered":"Converting OpenSSL PEM certificates and keys into a P12 format for IIS"},"content":{"rendered":"<p>Sometimes you want the same public key and certificate to operate on both *NIX and Windows machines.&nbsp;<\/p>\n<p>One way to do&nbsp;this is to create your key pair using openssl, obtain a&nbsp;certificate in PEM format, and then use openssl to convert&nbsp;the key&nbsp;and corresponding&nbsp;certificate into a P12 format that can be consumed by Windows.<\/p>\n<p>PEM format is base64 encoded, meaning it is standard text that can be put into an ascii editor like Windows notepad.<\/p>\n<p>Openssl&nbsp;needs you to give it&nbsp;a single&nbsp;file with a &#8220;.PEM&#8221; extension combining both your certificate and private key.&nbsp; You do this by cutting and pasting the text from your certificate and private key files to produce a &#8220;.PEM&#8221; file like this:<\/p>\n<p><img src=\"\/wp-content\/images\/2006\/11\/ssl-1.gif\" \/><\/p>\n<p>Next, use openss to create a &#8220;p12&#8221; file using the combined &#8220;.PEM&#8221; file.&nbsp; The command is shown below.&nbsp; Assuming your private key is protected by a passphrase, you will first be asked for&nbsp;the passphrase to unlock&nbsp;your &#8220;.pem&#8221; key, and then asked for another to protect the newly created &#8220;p12&#8221; file.&nbsp; (I use the same one to reduce prospects of insanity).<\/p>\n<p><img src=\"\/wp-content\/images\/2006\/11\/ssl-2.gif\" \/><\/p>\n<p>The result will be a &#8220;.p12&#8221; file that you can install into Windows.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sometimes you want the same public key and certificate to operate on both *NIX and Windows machines.&nbsp; One way to do&nbsp;this is to create your key pair using openssl, obtain a&nbsp;certificate in PEM format, and then use openssl to convert&nbsp;the key&nbsp;and corresponding&nbsp;certificate into a P12 format that can be consumed by Windows. PEM format is &hellip; <a href=\"https:\/\/www.identityblog.com\/?p=642\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Converting OpenSSL PEM certificates and keys into a P12 format for IIS<\/span><\/a><\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/642"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=642"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/642\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}