I downloaded an ACME client from https://github.com/PKISharp/win-acme and was able to request and download certificates from a Windows server; but I did not receive a private key. My end goal is to get a certificate that I can later use to setup ADFS (which must be in PFX format).
My domain is: adfs.vohrahealthservices.com
I ran this command:
It produced this output:
My web server is (include version): IIS 8.0
The operating system my web server runs on is (include version): Windows Server 2012
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):
the private key is on your server. You must have the private key to use a certificate.
Windows uses the pfx format.
You have a new certificate ( https://check-your-website.server-daten.de/?q=adfs.vohrahealthservices.com ):
expires in 89 days adfs.vohrahealthservices.com - 1 entry
So check your Webhosting - Certificate store, there you should find the certificate.
Then you can export the certificate as pfx-file with the private key.
Thanks for your help. You are correct that they key was in IIS and my certificate store; but neither allowed me to export it nor the certificates. However; I was able to generate a PFX certificates by following the following steps:
When requesting the certificate, I chose 3: Write .pem files to folder (Apache, ngnix, etc.) instead of saving it to the IIS Central Certificate Store or Windows Certificate Store.
Opened the certificate chain file (domainname.com-chain) and created another PEM file with the first certificate (domainname.com-certificate.pem) and another with the second certificate (LetsEncrypt.pem).
Ran OpenSSL and used the command below to export a PFX certificate from the downloaded certificates:
openssl pkcs12 -export -inkey “C:\SSLcertificates\domainname.com-key.pem” -in “C:\SSLcertificates\domainname.com-certificate.pem” -certfile “C:\SSLcertificates\LetsEncrypt.pem” -out “C:\SSLcertificates\ADFS.pfx”
- Finaly; I ran the ADFS wizard and used the ADFS.pfx certificate.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.