I downloaded an ACME client from https://github.com/PKISharp/win-acme and was able to request and download certificates from a Windows server, but I did not receive a private key. My end goal is to get a certificate that I can later use to set up ADFS (which must be in PFX format).
My domain is: adfs.vohrahealthservices.com
I ran this command:
It produced this output:
My web server is (include version): IIS 8.0
The operating system my web server runs on is (include version): Windows Server 2012
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Hi @jorgeramos78
The private key is on your server. You must have the private key to use a certificate.
Windows uses the pfx format.
You have a new certificate ( https://check-your-website.server-daten.de/?q=adfs.vohrahealthservices.com ):
CN=adfs.vohrahealthservices.com, 01.04.2019, 30.06.2019, expires in 89 days, adfs.vohrahealthservices.com - 1 entry
So check your Webhosting - Certificate store, there you should find the certificate.
Then you can export the certificate as pfx-file with the private key.
Thanks for your help. You are correct that the key was in IIS and my certificate store, but neither allowed me to export it or the certificates. However, I was able to generate a PFX certificate by following these steps:
- When requesting the certificate, I chose 3: Write .pem files to folder (Apache, ngnix, etc.) instead of saving it to the IIS Central Certificate Store or Windows Certificate Store.
- Opened the certificate chain file (domainname.com-chain) and created another PEM file with the first certificate (domainname.com-certificate.pem) and another with the second certificate (LetsEncrypt.pem).
- Ran OpenSSL and used the command below to export a PFX certificate from the downloaded certificates:
  openssl pkcs12 -export -inkey "C:\SSLcertificates\domainname.com-key.pem" -in "C:\SSLcertificates\domainname.com-certificate.pem" -certfile "C:\SSLcertificates\LetsEncrypt.pem" -out "C:\SSLcertificates\ADFS.pfx"
- Finally, I ran the ADFS wizard and used the ADFS.pfx certificate.
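The steps in the post above, scripted as an added example (not part of the original thread and not win-acme's own tooling): it splits a chain file into separate PEM certificates, refuses to build the PFX unless the private key matches the leaf certificate, and reads the PFX back to confirm the key is inside. The function names, file names, password and throwaway demo issuer are all constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Every file name and the demo issuer/leaf are constructed.

# SHA-256 of the public key held in a certificate ($1=cert) or private key ($1=key).
pubkey_fp() {
  if [ "$1" = cert ]; then openssl x509 -in "$2" -noout -pubkey
  else openssl pkey -in "$2" -pubout; fi | openssl sha256 | awk '{print $NF}'
}

# Split a PEM bundle ($1) into cert-1.pem, cert-2.pem, ... inside directory $2.
split_chain() {
  awk -v dir="$2" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (dir "/cert-" n ".pem")}' "$1"
}

# Build a PFX: $1 key, $2 leaf cert, $3 issuer cert, $4 output file, $5 password.
# Prints "ok" on success, "mismatch" if the key does not belong to the leaf.
make_pfx() {
  [ "$(pubkey_fp key "$1")" = "$(pubkey_fp cert "$2")" ] || { echo mismatch; return 1; }
  # pass: on the command line is for the demo only; let openssl prompt on a real host.
  openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
    -out "$4" -passout "pass:$5" || return 1
  chmod 600 "$4"   # the PFX contains the private key
  # Read the PFX back and confirm a private key is actually in it.
  openssl pkcs12 -in "$4" -passin "pass:$5" -nodes 2>/dev/null \
    | grep -q 'PRIVATE KEY' && echo ok
}

# Constructed test data: a throwaway issuer and a leaf signed by it.
demo() {
  d=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca-key.pem" \
    -out "$d/ca.pem" -subj "/CN=Demo Issuer" -days 2 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -keyout "$d/key.pem" \
    -out "$d/leaf.csr" -subj "/CN=adfs.example.test" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca-key.pem" \
    -CAcreateserial -out "$d/leaf.pem" -days 2 2>/dev/null
  cat "$d/leaf.pem" "$d/ca.pem" > "$d/chain.pem"   # leaf first, issuer second
  split_chain "$d/chain.pem" "$d"
  # Correct key: PFX is built and verified.
  make_pfx "$d/key.pem" "$d/cert-1.pem" "$d/cert-2.pem" "$d/ADFS.pfx" "demo-password" || true
  # Wrong key (the issuer's): rejected before any PFX is written.
  make_pfx "$d/ca-key.pem" "$d/cert-1.pem" "$d/cert-2.pem" "$d/bad.pfx" "demo-password" || true
  rm -rf "$d"
}

demo
```

Once the PFX is imported, delete the loose `-key.pem` file or restrict it to administrators, since it is an unencrypted copy of the private key.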