Generate certificate CSR (.pem , .cer , .crt) to covert PFX easily with OpenSSL command line
Hello, we are going to implement a certificate file for being use for an App Service.
For that we will need that you already have bought your certificate or generate it( for free with OpenSSL & Let’s Encrypt).
For this guide I will assume you have OpenSSL installed on your machine, for that open your favorite terminal/command line/cmd and type:
openssl version -a
In this example we are going to use a certificate from GoDaddy, but the steps for mostly provider are almost the same(for example: name.com)
Usually some SSL providers ask you for a CSR(Certificate Signing Request), this file is the encrypted information of your Domain, we will be asked for this information when generating the CSR keys , it usually contains:
- Common Name: The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc.
- Organization: The full legal name of your organization including the corporate identifier.
- Organization Unit (OU): Your department such as ‘Information Technology’ or ‘Website Security.’
- City or Locality: The locality or city where your organization is legally incorporated. Do not abbreviate.
- State or Province: The state or province where your organization is legally incorporated. Do not abbreviate.
- Country: The official two-letter country code (i.e. US, CH) where your organization is legally incorporated.
Now we are going to open a Command Line/Terminal/CMD in your desired terminal, and run the following command:
openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out CertRequest.csrIt will ask us for the Domain Information please skip setting a challenge password by leaving it on blank and typing enter , and will generate the files
Now you can open the .csr file with the text editor of your preference, and copy the content completely:
Now we go to GoDaddy, sign in, select the Certificate by clicking the “Manage” button
Here we are going to click Re-Key and we will paste the key we already copied, and then click save.
Scroll down and make sure you save all the configuration with a second button of “Save all changes”
After that, we continue by downloading the certificate configuration in the GoDaddy’s website, download it as an IIS.
When the downloaded file is unzipped, it will contain a .crt file, please move those files to the directory where we generated and ran the .csr file. Then we have to open a Command Line/Terminal/CMD to execute OpenSSL so we can convert the .crt to PFX
Now that we have this files, we can open a Command Line Terminal in the directory where are the files and type
openssl pkcs12 -export -out <YOUR-DOMAIN.NAME>.pfx -inkey private.key -in certificate.crtAs soon as my type Enter to execute the command, it will ask us for a export password. Please remember this password since it is needed for it’s usage
After setting the Export Password and Verifying it, it will generate us the <YOUR-DOMAIN.NAME>.pfx file in the directory your command line is working:
Now with that done, we are ready to upload the .PFX certificate file to Azure, so it can be used from an App Service.
For that go to Azure Portal > App Services > your App Service Name > TLS/SSL Settings > Private Key Certificate > Upload Certificate.
In there it will ask you to upload the .PFX file and type the Export Password we create when ran the OpenSSL command:
You click on upload and your certificate is ready to work, it will be listed in the portal:
You can click on the certificate to check its vitality:
Now in Binding, we can click “Add TLS/SSL Binding” and select the certificate to SSL bind your site.
After clicking on Add Binding, it will notify me that the site when the Binding Process is done, then you can check it if your site if you want
If you have any further questions or concerns, please feel free to contact me. I am always glad to advise!
Thanks for reading my blog ?
Dorian Isaac Vallecillo Calderón
LinkedIn Profile: https://www.linkedin.com/in/dorianivc/
Email: dorianivc1@gmail.com
Free Certificate for App Services
Azure
Certificate
Convert pem to pfx
convert cer to pfx
use free cert on azure