Last active
March 13, 2018 21:00
-
-
Save Max-AR/df31fff7a5c8884be532e591232a26fd to your computer and use it in GitHub Desktop.
Prepare a public/private key pair for deployment in IIS 7 in Windows without CSR - Openssl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# How do I deploy an ssl certificate to an IIS server without a CSR? | |
# These are the basic commands that will generate a .pfx file for IIS on OSX | |
# Assuming that we have a .p7b (public key) file, we will need to convert to a .pem file for openssl. | |
# This can contain your intermediate certs as well. | |
openssl pkcs7 -print_certs -in ./ssl_certificate.p7b -out ./ssl_certificate.pem | |
# Double check for consistiency after conversion, the sha numbers should be the same | |
privatesha1=$(openssl rsa -modulus -noout -in ./private.key | openssl sha1); | |
publicsha1=$(openssl x509 -modulus -noout -in ./ssl_certificate.pem | openssl sha1); | |
if [ "$privatesha1" == "$publicsha1" ]; then | |
echo "Your private and public key match!" | |
else | |
echo "These keys do not match!" | |
fi | |
# Once we have the .pem generated for openssl, we then create the .pfx for IIS | |
openssl pkcs12 -export -out ./keys.pfx -inkey ./private.key -in ./ssl_certificate.pem | |
# If your intermediate certs were in a separate file the .pfx is generated like so; | |
openssl pkcs12 -export -out ./keys.pfx -inkey ./private.key -in ./ssl_certificate.pem -certfile ./cacerts.crt |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment