My blog’s SSL certificate recently expired and it was a mad dash to get a new one and back to HTTPS status. I always forget all of the openssl commands so figured I’d document them here for my future reference but also thought I’d share as a quick reference for others. I use my domain name (purepowershellguy) for all of the <NAME> references.
1. Create Key and CSR files
2. Copy the CSR certificate data the service you are using to obtain the CRT.
Open up in your editor of choice and copy to use with
your certificate service (eg. digicert, network solutions).
-----BEGIN CERTIFICATE----- Blah, blah, blah.... -----END CERTIFICATE-----
3. Create P7B file from CRT
4. Create PEM file from P7B
5. Create PFX from Key and PEM files
6. Add PFX to web server
openssl req -new -key <NAME>.key -out <NAME>.csr openssl crl2pkcs7 -nocrl -certfile <NAME>.crt -out <NAME>.p7b openssl pkcs7 -in <NAME>.p7b -inform PEM -out <NAME>.pem -print_certs openssl pkcs12 -export -inkey <NAME>.key -in <NAME>.pem -name <NAME> -out <NAME>.pfx
Reminder for myself.