Request certificate for ADFS

jorgeramos78 · April 2, 2019, 8:58pm

I downloaded an ACME client from https://github.com/PKISharp/win-acme and was able to request and download certificates from a Windows server; but I did not receive a private key. My end goal is to get a certificate that I can later use to setup ADFS (which must be in PFX format).

My domain is: adfs.vohrahealthservices.com

I ran this command:

It produced this output:

My web server is (include version): IIS 8.0

The operating system my web server runs on is (include version): Windows Server 2012

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

JuergenAuer · April 2, 2019, 9:51pm

Hi @jorgeramos78

the private key is on your server. You must have the private key to use a certificate.

Windows uses the pfx format.

You have a new certificate ( https://check-your-website.server-daten.de/?q=adfs.vohrahealthservices.com ):

CN=adfs.vohrahealthservices.com
	01.04.2019
	30.06.2019
expires in 89 days	adfs.vohrahealthservices.com - 1 entry

So check your Webhosting - Certificate store, there you should find the certificate.

Then you can export the certificate as pfx-file with the private key.

jorgeramos78 · April 3, 2019, 1:10pm

Thanks for your help. You are correct that they key was in IIS and my certificate store; but neither allowed me to export it nor the certificates. However; I was able to generate a PFX certificates by following the following steps:

When requesting the certificate, I chose 3: Write .pem files to folder (Apache, ngnix, etc.) instead of saving it to the IIS Central Certificate Store or Windows Certificate Store.
Opened the certificate chain file (domainname.com-chain) and created another PEM file with the first certificate (domainname.com-certificate.pem) and another with the second certificate (LetsEncrypt.pem).
Ran OpenSSL and used the command below to export a PFX certificate from the downloaded certificates:

openssl pkcs12 -export -inkey “C:\SSLcertificates\domainname.com-key.pem” -in “C:\SSLcertificates\domainname.com-certificate.pem” -certfile “C:\SSLcertificates\LetsEncrypt.pem” -out “C:\SSLcertificates\ADFS.pfx”

Finaly; I ran the ADFS wizard and used the ADFS.pfx certificate.

system · May 3, 2019, 1:10pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Not able to export certificate from IIS or certificate manager Help	5	10116	May 18, 2019
Loss of SSL certificate Help	14	433	December 7, 2023
Exporting Public & Private keys from ACME Certificates Help	4	389	May 12, 2024
Need help with VEEAM SSL Cert Help	3	383	November 27, 2023
Certificate for ADFS Help	19	9616	August 10, 2020

Request certificate for ADFS

Related topics