Cert Came With Crt But Need To Generate Private Key
KB ID 0001528
May 13, 2014 When given.crt and.key files, make a.pfx file 6 years ago May 13, 2014 2 min read Security is an important topic for anything hosted online, and SSL (Secure Sockets Layer) is key when you have information that needs to be transferred securely between a client browsers and a web server.
- When the certificate came I had certificate-name.crt, and a CA bundle, but I could NOT import it into Exchange, (because the private key was missing). I had the private key, I downloaded it when I made the certificate request. So I had the certificate and the private key, I needed to import the private key into my Exchange server, or create a.
- Sep 12, 2014 The -nodes option specifies that the private key should not be encrypted with a pass phrase. The -new option, which is not included here but implied, indicates that a CSR is being generated. Generate a CSR from an Existing Private Key. Use this method if you already have a private key that you would like to use to request a certificate from a CA.
Problem
On my test network I have an Exchange server (Exchange 2016). As it’s publicly available and connected to Office 365 it needs a digital certificate. Because its my test network, I don’t want to spend a fortune on a certificates, so I buy the cheapest one I can find. I replaced it last week with a 2 year certificate for about $5.00.
When the certificate came I had certificate-name.crt, and a CA bundle, but I could NOT import it into Exchange, (because the private key was missing). I had the private key, I downloaded it when I made the certificate request.
So I had the certificate and the private key, I needed to import the private key into my Exchange server, or create a PFX file that had the certificate and the private key in it, that I could import into Exchange.
Create a PFX File with OpenSSL
The simplest way to create a PFX, (if you are feeling lazy,) is to go here and let them do it for you. But I know I could do this with OpenSSL, being a mac user I already have OpenSSL, if you are a Windows user you can install OpenSSL for Windows and do the same thing.
Firstly place your private key file and certificate in a folder you can get at like so;
Then execute the following command;
When prompted to do so, enter a password, (you will need to enter this on your Exchange server, so make a note of it!) You will then have your .PFX file.
Import PFX File into Exchange
I prefer to use PowerShell, (if you want to use the Exchange Admin Centre scroll down.)
Copy the certificate thumbprint (as shown) to the clipboard.
Then you need to associate the Exchange ‘Services’ with this new certificate;
When prompted to do so enter ‘A’, (for replace all.)
You should see the correct certificate used now, like so;
Note: If you only see a blank page for OWA and Exchange Admin Center (ECP) after changing certificates, then see the following post;
Import a PFX From Exchange Admin Center
Cert Came With Crt But Need To Generate Private Key Blockchain
Servers > Certificates > Select the appropriate Server > Ellipses > Import Exchange Certificate > Add the path to the PFX file, and its password > Next.
Add the server > Finish.
Cert Came With Crt But Need To Generate Private Key In Ec2 Aws
Now to enable the certificate for the appropriate Exchanges Services, select the cert > Edit > Services > Tick SMTP, IMAP, POP, and IIS > Save > OK.
Cert Came With Crt But Need To Generate Private Key West
