Setting up SSL Certificate

My blog’s SSL certificate recently expired and it was a mad dash to get a new one and back to HTTPS status. I always forget all of the openssl commands so figured I’d document them here for my future reference but also thought I’d share as a quick reference for others. I use my domain name (purepowershellguy) for all of the <NAME> references.


1. Create Key and CSR files
2. Copy the CSR certificate data the service you are using to obtain the CRT.
Open up in your editor of choice and copy to use with
your certificate service (eg. digicert, network solutions).


Blah, blah, blah....

3. Create P7B file from CRT
4. Create PEM file from P7B
5. Create PFX from Key and PEM files
6. Add PFX to web server

openssl req -new -key <NAME>.key -out <NAME>.csr
openssl crl2pkcs7 -nocrl -certfile <NAME>.crt -out <NAME>.p7b
openssl pkcs7 -in <NAME>.p7b -inform PEM -out <NAME>.pem -print_certs
openssl pkcs12 -export -inkey <NAME>.key -in <NAME>.pem -name <NAME> -out <NAME>.pfx

Reminder for myself.


Add Comment

Required fields are marked *. Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.