Request certificate for ADFS

#1

I downloaded an ACME client from https://github.com/PKISharp/win-acme and was able to request and download certificates from a Windows server, but I did not receive a private key. My end goal is to get a certificate that I can later use to set up ADFS (which must be in PFX format).

My domain is: adfs.vohrahealthservices.com

I ran this command:

It produced this output:

My web server is (include version): IIS 8.0

The operating system my web server runs on is (include version): Windows Server 2012

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

#2

Hi @jorgeramos78

The private key is on your server. You must have the private key to use a certificate.

Windows uses the pfx format.

You have a new certificate ( https://check-your-website.server-daten.de/?q=adfs.vohrahealthservices.com ):

CN=adfs.vohrahealthservices.com | 01.04.2019 | 30.06.2019 | expires in 89 days | adfs.vohrahealthservices.com - 1 entry

So check your Webhosting - Certificate store, there you should find the certificate.

Then you can export the certificate as pfx-file with the private key.

#3

Thanks for your help. You are correct that the key was in IIS and my certificate store, but neither allowed me to export it nor the certificates. However, I was able to generate a PFX certificate by following these steps:

  1. When requesting the certificate, I chose 3: Write .pem files to folder (Apache, ngnix, etc.) instead of saving it to the IIS Central Certificate Store or Windows Certificate Store.

  2. Opened the certificate chain file (domainname.com-chain) and created another PEM file with the first certificate (domainname.com-certificate.pem) and another with the second certificate (LetsEncrypt.pem).

  3. Ran OpenSSL and used the command below to export a PFX certificate from the downloaded certificates:

openssl pkcs12 -export -inkey "C:\SSLcertificates\domainname.com-key.pem" -in "C:\SSLcertificates\domainname.com-certificate.pem" -certfile "C:\SSLcertificates\LetsEncrypt.pem" -out "C:\SSLcertificates\ADFS.pfx"

  4. Finally, I ran the ADFS wizard and used the ADFS.pfx certificate.
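Steps 2 and 3 of the post above as one PowerShell script, with two checks added: the key must match the server certificate before the PFX is built, and the finished PFX must load with its private key. This is an added example, not part of the original post or of win-acme; it assumes openssl.exe is on PATH and that the chain file is named domainname.com-chain.pem (the post gives the name without an extension).

```powershell
# Added example. Assumptions: openssl.exe on PATH; file names follow the post,
# the ".pem" extension on the chain file is assumed.
$ErrorActionPreference = 'Stop'
$dir   = 'C:\SSLcertificates'
$key   = Join-Path $dir 'domainname.com-key.pem'
$chain = Join-Path $dir 'domainname.com-chain.pem'
$leaf  = Join-Path $dir 'domainname.com-certificate.pem'
$inter = Join-Path $dir 'LetsEncrypt.pem'
$pfx   = Join-Path $dir 'ADFS.pfx'

# Step 2: split the chain file. First block = server certificate, rest = issuer(s).
$pattern = '-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----'
$blocks  = @([regex]::Matches((Get-Content $chain -Raw), $pattern, 'Singleline') |
             ForEach-Object { $_.Value })
if ($blocks.Count -lt 2) {
    throw "Expected at least 2 certificates in $chain, found $($blocks.Count)"
}
Set-Content -Path $leaf  -Value $blocks[0] -Encoding Ascii
Set-Content -Path $inter -Value ($blocks[1..($blocks.Count - 1)] -join "`n") -Encoding Ascii

# Added check: refuse to build a PFX if the key does not belong to the certificate.
$pubFromKey  = (& openssl pkey -in $key -pubout) -join "`n"
$pubFromCert = (& openssl x509 -in $leaf -noout -pubkey) -join "`n"
if (-not $pubFromKey -or $pubFromKey -ne $pubFromCert) {
    throw 'Private key does not match the server certificate'
}

# Step 3: export the PFX. The password goes to openssl through an environment
# variable so it does not appear on the command line.
$secure = Read-Host 'PFX password' -AsSecureString
$env:PFX_PASS = (New-Object System.Net.NetworkCredential('', $secure)).Password
try {
    & openssl pkcs12 -export -inkey $key -in $leaf -certfile $inter -out $pfx -passout env:PFX_PASS
    if ($LASTEXITCODE -ne 0) { throw 'openssl pkcs12 -export failed' }
} finally {
    Remove-Item Env:\PFX_PASS
}

# Added check: the PFX must open with the password and carry the private key.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfx, $secure)
if (-not $cert.HasPrivateKey) { throw "$pfx does not contain a private key" }
'{0} valid until {1:u}, private key present' -f $cert.Subject, $cert.NotAfter
```

The key PEM written by the client is unencrypted, so restrict access to C:\SSLcertificates or delete the PEM once the PFX has been imported.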