Here are the commands I follow to create a certificate and accept it using Windows Server's CA Server.
```
certreq -new -f -q $answerFile.FullName $requestFile.FullName
certreq -submit -f -q -config $AuthorityCertificatesServer $requestFile.FullName $publicCertFile.FullName | Select-String 'Id. de solicitud: (\d+)' | ForEach-Object { $_.Matches.Groups[1].Value }
certutil -resubmit $ID_SOLICITUD
certreq -retrieve -f -q -config $AuthorityCertificatesServer $ID_SOLICITUD $publicCertFile.FullName
certreq -accept -f -q -user -config $AuthorityCertificatesServer $publicCertFile.FullName
certutil -f -user -exportPFX -p '' My $thumbprint $pfxCertFile.FullName NoRoot
openssl pkcs12 -in $pfxCertFile.FullName -clcerts -nokeys -out $DOMAIN.crt -passout pass: -passin pass:
openssl pkcs12 -in $pfxCertFile.FullName -nocerts -out $DOMAIN.key -passout pass: -passin pass:
```
I have problems with the last 3.
```
certutil -f -user -exportPFX -p '' My $thumbprint $pfxCertFile.FullName NoRoot
```
This creates the pfx file (I assume with an empty password).
But these 2:
```
openssl pkcs12 -in $pfxCertFile.FullName -clcerts -nokeys -out $DOMAIN.crt -passout pass: -passin pass:
openssl pkcs12 -in $pfxCertFile.FullName -nocerts -out $DOMAIN.key -passout pass: -passin pass:
```
Fail with
```
Mac verify error: invalid password?
New-WebHostingCertificate : Couldn't convert from PFX to Apache CRT/KEY
En línea: 1 Carácter: 1
+ New-WebHostingCertificate mywebsite.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,New-WebHostingCertificate
Mac verify error: invalid password?
```
Any idea why?
-passout pass: -passin pass:""? I'm not sure certutil exports correctly with blank passwords (it's at least unable to import with blanks). Is there any reason not to just put an actual password in the script like -exportPFX -p 'foo'? openssl can strip it later with -noDES
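
The approach suggested in the comment above, written out as an added example that is not part of the original thread: export the PFX with a throwaway non-empty password, then let openssl strip it. It assumes `certutil` and `openssl` are on the PATH and reuses the question's `$thumbprint`, `$pfxCertFile` and `$DOMAIN`; the environment variable name `PFX_PASS` is made up for this example.

```powershell
# Added example. $thumbprint, $pfxCertFile and $DOMAIN come from the question's script.

# Throwaway transport password: 32 hex characters, so nothing needs shell quoting.
$bytes = New-Object byte[] 16
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$pfxPassword = -join ($bytes | ForEach-Object { $_.ToString('x2') })

try {
    # Same export as in the question, but with a real password instead of ''.
    certutil -f -user -exportPFX -p $pfxPassword My $thumbprint $pfxCertFile.FullName NoRoot
    if ($LASTEXITCODE -ne 0) { throw "certutil -exportPFX failed (exit code $LASTEXITCODE)" }

    # openssl accepts env:NAME as a password source, which keeps the value
    # out of openssl's own command line. PFX_PASS is a name chosen here.
    $env:PFX_PASS = $pfxPassword

    # Quote "$DOMAIN.crt": unquoted, PowerShell reads .crt as a property of $DOMAIN.
    openssl pkcs12 -in $pfxCertFile.FullName -clcerts -nokeys -out "$DOMAIN.crt" -passin 'env:PFX_PASS'
    if ($LASTEXITCODE -ne 0) { throw "openssl could not extract the certificate (exit code $LASTEXITCODE)" }

    # -nodes writes the private key without a passphrase, which is what Apache
    # expects when it has to start unattended. OpenSSL 3.x also calls this -noenc.
    openssl pkcs12 -in $pfxCertFile.FullName -nocerts -nodes -out "$DOMAIN.key" -passin 'env:PFX_PASS'
    if ($LASTEXITCODE -ne 0) { throw "openssl could not extract the private key (exit code $LASTEXITCODE)" }
}
finally {
    # Drop the transport password from this session whether or not the steps succeeded.
    Remove-Item Env:\PFX_PASS -ErrorAction SilentlyContinue
    $pfxPassword = $null
}
```

The resulting `.key` file holds the private key in the clear, so restrict its file permissions to the account the web server runs as.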