Categories

Archives

Importing Server Certificate with private key on IIS without creating CSR

Ok, here is a guide how to import a server certificate which comes with a key in a file. Additionally the import is being made on a Server on which hasn’t been created a CSR for the certificate.

  1. The first thing we need is OpenSSL, binaries are freely available on Internet. Put all the files into sub folder under /bin directory of OpenSSL
  2. The Server Certificate public key will be in a file with mostly .crt or .cer extension, addtionally there will be a file with a private key, optionally there can be also a file with intermediate_CA certificate (for some services like Cisco WLC it is important to include the intermediate_CA in the server certificate).
  3. First combine all the certificates (if you have intermediate and root in different files) to one. That should look like:
    ------BEGIN CERTIFICATE------
    *Device cert*
    ------END CERTIFICATE------
    ------BEGIN CERTIFICATE------
    *Intermediate CA cert *
    ------END CERTIFICATE--------
    ------BEGIN CERTIFICATE------
    *Root CA cert *
    ------END CERTIFICATE------
  4. And save that file as allcerts.pem
  5. Then you should combine the allcerts.pem with the private key. Run Openssl and:
    pkcs12 -export -in .\subfolder\allcerts.pem -inkey .\subfolder\private.key -out .\subfolder\certificate.p12 -passout pass:123

    (here I used “123” as a password for the certificate).

  6. Now let’s move the file certificate.p12 to the server where we want to install it and run mmc.exe, choose from file menu Add\Remove Snap-in and from the list choose certificates. Load the snap-in for local computer – that’s very important.

    Certificates

    Certificates

  7. Go to personal and import a new certificate

    Import

    Import

  8. Now you look for your certificate.p12 file, you will have to change the view to all files *.* to be able to see it.
  9. While importing you will be asked for the certificate passwort (you know what it is) and you can check to mark the private key exportable. That is also useful if you want to export the certificate later and be able to import it on another server.

    Import

    Import

  10. The Import should be successful and you can open your certificate with double click on it. You should see that you have the private key for the certificate. That means that certificate can be used for let’s say SSL.

    Imported Cert

    Imported Cert

  11. That is almost all. Now you ask how can you use that certificate in IIS? Nothing easier, you go to your IIS console and click Server Certificates – you will see your newly imported certificate. You can also go to bindings and under HTTPS you will be able to choose the certificate you just imported.

 

This post is also available in: German

Comments are closed.