Create the CSR
Go the certificate in your keyvault and select certificate operation. From here you can download the CSR you'll need at godaddy.
On the Godaddy website you'll need to choose "rekey" and copy the CSR text into their field.
Once that process has completed you'll be able to download the latest certificate from them.
Converting to PFX.
To import a new version of the certificate you'll need to have a pfx file and it will need to include the following:
- The certificate (.crt file downloaded from Godaddy)
- The intermediate CA (.p7b file downloaded from Godaddy)
- The private key (not provided by Godaddy)
To get the private key you'll need to download the existing certificate pfx file from the azure key vault. If you navigate to the current version of the certificate it will let you download the certificate in PFX/PEM format.
Here are the steps to get the private key once you have the PFX file:
-
Export the private key out of the pfx file
openssl pkcs12 -in .\my_domain-wildcard-20220622.pfx -nocerts -out priv-key.pem -nodes
-
Open the priv-key.pem file that was just created and copy out the private key section and save to
private.key
file.
To include the intermediate CA info you'll have to convert the .p7b file to a .crt file. You can do that by running the following command:
openssl pkcs7 -print_certs -in my_intermediates.p7b -out my_intermediates.crt
Now that you've got the certs, the intermediate CA and the private key you can create the PFX file.
openssl pkcs12 -export -out my_domain-new.pfx -inkey private.key -in my_domain.crt -certfile my_intermediates.crt
You will have to specify an export password. don't forget it!
Now that you have your PFX file you can upload it in key vault.
- Navigate to your certificate and select "New Version"
- For "Method of Certificate Creation" choose "Import"
- Browse to the PFX file that you just created and input the export password in the Password field.
- Click "Create"