Convert certificate(.pem , .cer , .crt) to PFX easily with OpenSSL command line
Hello I hope this guide finds you well.
I was asked how to convert a certificate gotten from ZeroSSL(which gives ca_bundle.crt, certificate.crt and private.key files when generated), to be used on Azure App Services.
For this guide I will assume you have OpenSSL installed on your machine, for that open your favorite terminal/command line/cmd and type:
openssl version -a
This command should return an output like the following, if it does not look similar, it could mean that you don’t have OpenSSL installed in your machine.
Now that we know we have OpenSSL on our system, this is actually a pretty easy, I got some a free SSL Certificates from ZeroSSL for 30 days for site for testing purposes. Since I used Managed Certificates of App Service for “guidesforeveryone.com” which generate a FREE certificate issue by DigiCert for a year, and I bought another SSL certificate for a year, so it covers the “www.guidesforveryone.com” subdomain(Issued by Encryption Everywhere DV TLS CA – G1)
So After the Domain Validation on ZeroSSL, we are able to download the certificate. In this case we to download it as Default Format
This will download a .zip file, which has 3 files
- ca_bundle.crt
- certificate.cr
- private.key
Now that we have this files, we can open a Command Line Terminal in the directory where are the files and type
openssl pkcs12 -export -out <YOUR-DOMAIN.NAME>.pfx -inkey private.key -in certificate.crtAs soon as my type Enter to execute the command, it will ask us for a export password. Please remember this password since it is needed for it’s usage
After setting the Export Password and Verifying it, it will generate us the <YOUR-DOMAIN.NAME>.pfx file in the directory your command line is working:
Now with that done, we are ready to upload the .PFX certificate file to Azure, so it can be used from an App Service.
For that go to Azure Portal > App Services > your App Service Name > TLS/SSL Settings > Private Key Certificate > Upload Certificate.
In there it will ask you to upload the .PFX file and type the Export Password we create when ran the OpenSSL command:
You click on upload and your certificate is ready to work, it will be listed in the portal:
You can click on the certificate to check its vitality:
Now in Binding, we can click “Add TLS/SSL Binding” and select the certificate to SSL bind your site.
After clicking on Add Binding, it will notify me that the site when the Binding Process is done, then you can check it if you want:
You can see in the Browser by clicking on the “Lock/HTTPS” symbol the Certificate in use:
If you have any further questions or concerns, please feel free to contact me. I am always glad to advise!
Thanks for reading my blog ?
Dorian Isaac Vallecillo Calderón
LinkedIn Profile: https://www.linkedin.com/in/dorianivc/
Email: dorianivc1@gmail.com
Free Certificate for App Services
Azure
Certificate
Convert pem to pfx
convert cer to pfx
use free cert on azure