How to get from pem to pfx


#1

I have an up and running Apache Server with an letsencrypt ssl-certificate which automatically renews.
So far so fine.
I would now like to install a c# application which implements a websocket Server on this mashine.
I am using the Fleck library for this purpose which also offers wss Support.

For this purpose I Need to Point to a .pfx certificate in a line like

server.Certificate = new X509Certificate2(“MyCert.pfx”);

Letsencrypt, though, Comes with .pem files and at least fullchain.pem is nothing which would work.

What should I do to create a proper .pfx file from the existing .pem files?

Best regards

Wuppi


#2

Hi @wuppi,

Please see the other threads here found with

https://community.letsencrypt.org/search?q=pkcs12


#3

Hi,
first, thanks for pinpointing me. The command

openssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem

seems to generate the .pfx

But still my application is not really happy. The line

server.Certificate = new X509Certificate2(“certificate.pfx”,"");

is accepted but once the Client connects the Server tells a Long error Story (see below)
and I have no Clou how to handle this.

Best

Wuppi

=======================================================================
[Warn] Failed to Authenticate System.AggregateException: One or more errors occured —> System.IO.IOException: The authentication or de cryption has failed. —> System.NotSupportedException: Unsupported security protocol type
at Mono.Security.Protocol.Tls.Context.DecodeProtocolCode (Int16 code) [0x00000] in :0
at Mono.Security.Protocol.Tls.Handshake.Server.TlsClientHello.processProtocol (Int16 protocol) [0x00000] in :0
at Mono.Security.Protocol.Tls.Handshake.Server.TlsClientHello.ProcessAsTls1 () [0x00000] in :0
at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000] in :0
at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
at Mono.Security.Protocol.Tls.ServerRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in : 0
at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000] in :0
— End of inner exception stack trace —
at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in :0
— End of inner exception stack trace —
–> (Inner exception 0) System.IO.IOException: The authentication or decryption has failed. —> System.NotSupportedException: Unsupported security protoco l type
at Mono.Security.Protocol.Tls.Context.DecodeProtocolCode (Int16 code) [0x00000] in :0
at Mono.Security.Protocol.Tls.Handshake.Server.TlsClientHello.processProtocol (Int16 protocol) [0x00000] in :0
at Mono.Security.Protocol.Tls.Handshake.Server.TlsClientHello.ProcessAsTls1 () [0x00000] in :0
at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000] in :0
at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
at Mono.Security.Protocol.Tls.ServerRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in : 0
at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000] in :0
— End of inner exception stack trace —
at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in :0


#4

That error doesn’t really explain why the TLS library had trouble establishing the connection. :frowning:

Could you tell us where this TLS server is located? Is it reachable over the public Internet so that we could try connecting to it with other software?

Could you connect to it with curl or openssl s_client -connect? (curl expects an HTTPS service but openssl s_client -connect can work with any kind of TLS service.)


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.