the Internet Windows Android
Expand
the main

Use the electronic signature key certificate. Using the electronic signature key certificate Convert CER in PFX closed key

Note: If you need / want / choose a solution, then you may want to use http://www.bouncycastle.org/ API.

Use the IIS server interface "Server Certificates" to "generate a certificate request" (details of this request go beyond this article, but these parts are critical). This will give you CSR prepared for IIS. Then you provide CSR to your CA and request a certificate. Then you take the CER / CRT file, which they give you, return to IIS, "complete certificate request", in the same place where you have created a request. It can request .cer, and you may be .CRT. This is the same. Just change the extension or use the expansion drop-down list. . To select your.CRT. Now give the right "friendly name" (* .yourdomain.com, yourdomain.com, foo.yourdomain.com, etc.) This is important! It must fit what you configure for CSR and that provided you with your CA. If you asked a wildcard sign, your CA should approve and generate a wildcard sign, and you must use it. If your CSR has been generated for foo.yourdomain.com, you must provide the same at this stage.

First, we need to extract the root CA certificate from the existing. CRT, because we need it later. So, open. CRT and click on the "Path to Certificate" tab.

Click the top certificate (in this case VeriSign) and click "View" certificate. Click the "Details" tab and click "Copy to File" ...

Select a certificate encoded in BASE-64 X.509 (.cer). Save it as rootca.cer or something like that. Place it in the same folder as other files.

Rename it from rootca.cer in rootca.crt. Now we have to have 3 files into our folder, from which we can create a PFX file.

Here we need OpenSSL. We can either upload and install it in Windows or simply open the terminal in OSX.

<�Сильный> Edit:

    After SuccessFully Install, Export The Certificate, Choose .pfx Format, Include Private Key.

    The Imported File Can Be Uploaded to Server.

((The corresponding quotes from the article are given below))

Then you need to create a file.pfx that you will use to sign your deployments. Open the command prompt window and enter the following command:

PVK2PFX -PVK YourPrivateKeyFile.pvk -spc YourCertfile.cer -PFX -PFXFILE.PFX -PO YouRFXPXPassword

  • pVK - YourPrivateKeyFile.pvk is a secret key file created in step 4.
  • sPC - YourCertfile.Cer is a certificate file created in step 4.
  • pFX - YourPFXFile.pfx is the name of the file being created .PFX.
  • pO - YourPFXPassword - Password you want to assign a file.pfx. You will be prompted to enter this password when adding a file.pfx to the project in Visual Studio. for the first time.

(Not necessarily (and not for OP, but for future readers) you can create files.cer I.PVK from scratch) (you would have done it before starting above). Please note that MM / DD / YYYY are fillers for start and end dates. See MSDN article for complete documentation.

Makecert -SV YourPrivateKeyFile.pvk -n "CN \u003d My Certificate Name" YourCertfile.cer -B MM / DD / YYYY -E MM / DD / YYYYY -R

This will allow you to create a PFX from your certificate and a closed key without the need to install another program.

Below are the steps used for the requested script.

<�Ол>
  • Choose current Type \u003d Pem.
  • Change for \u003d pfx
  • Upload certificate
  • Load your closed key
  • If you have a ROOT CA certificate or intermediate certificates, download them too.
  • Set the password for your selection used in IIS
  • Click Recaptcha to prove that you do not bot
  • Click "Convert"

And you must download PFX and use it in your import process in IIS.

I hope that this will help others, such as like-minded people, lazy technical people.

To install a personal certificate with an empty link to the private key, the CSP cryptopro application is used. You can start it in Windows using Start \u003e\u003e All Programs \u003e\u003e Crypto-Pro\u003e Cryptopro CSP. In the application window that appears, you need to select the Tools tab and click on the button. Install a personal certificate. Next, specify the location of the certificate file (file with the extension.cer) and click Next. Certificate properties viewing window Allows you to make sure that the correct certificate is selected; After checking, press the Next button again.

In the next window, you must specify a key container containing closed user keys.

IMPORTANT! In this step, only removable USB carriers or smart cards are used, as well as the operating system registry.

Cryptopro app CSP version 3.9 Allows you to find a container automatically by simplication of the corresponding flamber; Earlier versions after clicking the Overview button provide a list of available media from which you want to select the desired one. After selecting the container, click Next. The following window allows you to set the certificate installation settings in the repository. Selecting the required repository, click Next.

The next step is final and does not require any actions, except for pressing the button is ready.

After buying a certificate, you can download it in the "General Services" section. If you install the certificate to your server, use the installation examples provided here.

Formation on hosting .masterhost

If you want to install a certificate for a domain that is located on our virtual hosting, then it is possible in two ways:

  • SNI (free):

    Tree Services - Domain - Support SSL - Add.

  • Dedicated IP (140 rubles per month. Usually required to work with some payment systems):

    Tree Services - Domain - Dedicated IP \\ SSL - Add.

    In the drop-down menu, select the certificate.

* To update the certificate, for example, after its extension, perform similar actions:

Tree Services - Domain - Support SSL or Dedicated IP \\ SSL

(Depending on the installation method) - change.

Formation on Windows Hosting

If you have a Windows playground, the certificate installation is also possible in two ways:

To install the certificate, you must first combine the .CRT and .KEY files received from us to one .pfx files.
You need to execute such a command:

openSSL PKCS12 -Export -out domain.tld..pfx -inkey PrivateKey.Key -in Certificate.crt * domain.tld - Your domain.
domain.tld.pfx - the name of the certificate you will receive as a result of the merger;
privateKey.Key - private key;
certificate.crt - the certificate itself, which we gave you.

When executing the command, you specify a password for PFX twice and write it to the domain.tld.pwd file. Both files (domain.tld.pwd and domain.tld.pfx) copy to the root of the site (the root of the site is a directory in which the folders of your domains are located), after that we connect the "Highlighted IP / SSL" service in

Tree Services - Domain - Dedicated IP \\ SSL - Add.

In case of difficulties, contact technical support.

Pache.

  • Copy files SSL certificateand on your server.
  • Then you need to find the Apache configuration file for editing.

    Most often, similar configuration files are stored in / etc / httpd. In most cases, the main configuration file is called httpd.conf. But in some cases blocks May be located at the bottom of the httpd.conf file. Sometimes you can find such blocks as Separately under the directory, for example, /etc/httpd/vhosts.d/ or / etc / httpd / sites /, or in a file called ssl.conf.

    Before opening the file in text editor, You must make sure that there are blocks In which contain Apache settings.

  • Next set SSL blocks For configuration setting.

    If you need your site to work with both protected and unprotected connections, you need a virtual host for each connection. To do this, you should make a copy of an existing unprotected virtual host And create it for an SSL connection as described below in clause 4.

  • Then create blocks To connect SSL connections.

    Below for you is a very simple example of a virtual host for an SSL connection. In SSL, the configuration must be added parts that are selected by bold:

    Documentroot / var / www / html2 servername www.yourdomain.com sslengine on sslcertificatefile /path/to/your_domain_name.crt sslcertificatekeyfile /path/to/your_private.key sslcertificatechainfile /path/to/root.crt Correr file names to match certificate files:
    • SslcertificateFile - your certificate file (for example: your_domain_name.crt).
    • SSLCERTIFICATEKEYFILE - a key file created when generating CSR.
    • SSLCERTIFICATECHAINFILE - root certificate file.
  • Now check the Apache configuration before restarting. It is always better to check the Apache configuration files on errors before restarting. Since Apache does not start again, if the configuration files will appear syntactic errors. To do this, use the following command: Apachectl Configtest
  • And now you can restart Apache.

Ginx.

  • Copy the certificate files to the server.

    Copy your certificate (your_domain_name.crt) and root certificate (root.crt) together with the C.KEY file that you generated when creating a CSR query to the directory on your server where you are going to install a certificate. To ensure security, save files with the "read only" margin.

  • Connect the certificate with the root certificate.

    You need to connect the certificate file with the root certificate file to one .Pem file by running the following command:

    cat root.crt \u003e\u003e your_domain_name.crt
  • Change the NGINX virtual host file.

    Open your NGINX virtual host file for the site you protect. If you need the site to work and with a secure connection (HTTPS), and with unprotected (HTTP), you need a server module for each type of connection. Make a copy of an existing server module for an unprotected connection and insert the original below. After that, add the lines below the bold:

    server (LISTEN 443; SSL ON; SSL_CERTIFICATE /etc/ssl/your_domain_name.crt; (or .pem) ssl_certificate_key /etc/ssl/your_domain_name.key; server_name your.domain.com; access_log / var / log / nginx / nginx. vhost.access.log; error_log /var/log/nginx/nginx.vhost.error.log; Location / (root /home/www/public_html/your.domain.com/public/; index index.html;)) Configuring File Names:
    • sSL_CERTIFICATE - a file containing the main and root certificates (step 2).
    • sSL_CERTIFICATE_KEY is a key file that was generated when creating CSR.
  • Restart nginx.

    Enter the following command to reboot NGINX:

    sudo /etc/init.d/nginx Restart.

XChange 2010.

  • Copy your certificate on Exchange server.
  • Then run the Exchange Management Console in this way: START\u003e PROGRAMS\u003e Microsoft Exchange 2010\u003e Exchange Management Console.
  • Now press "MANAGE DATABASES" and then "Server Configuration".
  • Next, select your SSL certificate from the menu in the center window, then click on "Complete Pending Request" in the "Actions" menu.
  • Open your certificate file, after click Open\u003e Complete

    Exchange 2010 quite often gives an error message that starts the phrase "The Source Data IS Corrupted or Not Properly Base64 Encoded." Ignore this error.

  • Next, go back to the Exchange Management Console and click "Assign Services to Certificate" to start using the Certificate.
  • From the list, select Your Server, click "Next".
  • Now select the services that must be protected by the certificate and click Next\u003e Assign\u003e FINISH. Now your certificate is installed and ready to use on Exchange.
Did not find an answer to your question? Look at here
State Services Personal AccountState Services Personal Account
State Supervisory Cabinet- Entrance on SNILS and TelephoneState Supervisory Cabinet- Entrance on SNILS and Telephone
Single telephone rescue service in the Russian FederationSingle telephone rescue service in the Russian Federation