How to make an SSL private key
Export a private key from the Certificates folder on your IIS server:
1) Click Start, and then search for Run.
2) Type in mmc and click OK.
3) From the File menu, choose Add/Remove Snap-in.
4) Select Certificates and then Add.
5) Choose the Computer account option and click Next.
6) Select Local Computer and then click Finish.
7) Click Close, and then click OK. The snap-in for Certificates (Local Computer) appears in the console.
From the MMC console opened in the above steps:
1) Expand the Certificates (Local Computer) tree in the left preview panel.
2) Right-click Personal and select All Tasks > Import.
3) The Certificate Import Wizard appears. Click Next.
4) Browse to the location of your Server Certificate file and click Next.
5) Select Place all certificates in the following store and click Next.
6) Click Finish to complete the Certificate Import Wizard.
7) A dialog box appears indicating the import was successful. Click OK.
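Next, convert the .pfx file to .pem format by running the following OpenSSL command in the terminal:
openssl pkcs12 -in support.mydomain.com.pfx -out support.mydomain.com.pem -nodes
The -nodes option writes the private key into the .pem file unencrypted, so restrict access to that file.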
Purpose
Customers sometimes need to export a certificate and private key from a Windows computer to separate certificate and key files for use elsewhere. Windows doesn’t provide the means to complete this process.
Exporting Certificates from the Windows Certificate Store describes how to export a certificate and private key into a single .pfx file. Follow the procedure below to extract separate certificate and private key files from the .pfx file.
Procedure
- Take the file you exported (e.g. certname.pfx) and copy it to a system where you have OpenSSL installed. Note: the *.pfx file is in PKCS#12 format and includes both the certificate and the private key.
- Run the following command to export the private key:
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
- Run the following command to export the certificate:
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
- Run the following command to remove the passphrase from the private key:
openssl rsa -in key.pem -out server.key
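As an added example (not part of the original page), the script below runs the three commands above with owner-only file permissions and then confirms that the extracted key and certificate carry the same public key. The password file, the helper names and the throwaway self-signed test bundle are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Output file names follow the page;
# the password file and the function names are assumptions.

# key_matches_cert CERT KEY: succeed only if both carry the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# split_pfx PFX PASSFILE OUTDIR: the page's three commands, then the check.
split_pfx() {
    (
        umask 077   # key.pem and server.key are unencrypted: owner-only
        openssl pkcs12 -in "$1" -passin "file:$2" -nocerts -nodes -out "$3/key.pem" &&
        openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -out "$3/cert.pem" &&
        openssl rsa -in "$3/key.pem" -out "$3/server.key"
    ) >/dev/null 2>&1 || return 1
    # A wrong or truncated export shows up here, before the files are deployed.
    key_matches_cert "$3/cert.pem" "$3/server.key"
}

# make_demo_pfx DIR: constructed sample input (throwaway self-signed pair).
make_demo_pfx() {
    printf 'constructed-demo-password\n' > "$1/pass.txt"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/orig.key" -out "$1/orig.crt" >/dev/null 2>&1 &&
    openssl pkcs12 -export -inkey "$1/orig.key" -in "$1/orig.crt" \
        -passout "file:$1/pass.txt" -out "$1/certname.pfx" >/dev/null 2>&1
}

# Stand-alone use: sh <this script> certname.pfx passfile outdir
if [ "$#" -eq 3 ]; then
    if split_pfx "$@"; then
        echo "server.key matches cert.pem"
    else
        echo "extraction failed or key does not match certificate" >&2
    fi
fi
```

Reading the import password from a file with -passin keeps it out of the shell history and the process list; delete key.pem once server.key has been verified.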