showing posts tagged with 'ssl'
by lunarg on November 3rd 2016, at 15:41
An SSL certificate and private key can be stored in many formats. Sometimes, it may be necessary to convert from one format to another. One such case is where you have a private and public key (certificate) in PKCS12 (PFX-file) format, and need the individual certificate and private key in X509 format. You can use OpenSSL to perform the conversion.

A PFX-file generally contains both the private and public key (certificate) and is usually secured with a passphrase. If the PFX-file you want to convert is secured with a password, you will need this in order to perform the conversion. If you do not have the password, there's no way to reset this and the PFX-file will be unusable. When performin  ...
by lunarg on June 21st 2016, at 15:31
Even when using Exchange SSL certificates that are signed by an internal CA, you will still occasionally have to renew them. Using EAC (https://your-exchange-server/ecp), this should be pretty straightforward, or is it?

After logging on to EAC, and navigating to "Servers" → "Certificates", select the expired certificate, then on the right pane, you can click "Renew" to generate a certificate signing request with all the proper SANs. This CSR can then be used with your internal CA to sign the request and generate a new certificate.

Unfortunately, you will most likely hit a snare: the CSR generated by the Exchange server does not contain any certificate tem  ...
by lunarg on August 24th 2015, at 16:09
Certain Certificate Authority providers, such as GoDaddy allow you to renew an SSL certificate using the same CSR and private key. This greatly simplifies the procedure to renew a certificate, but this can also complicate things if you don't have your private key readily available.

On a server running ADFS 3.0 for instance, you do not have IIS available to allow an easy SSL certificate renewal (or even a request). Or perhaps, you lost the current private key, or it is located somewhere where it's not easily accessible.

Luckily, there's a fairly easy way to extract the private key from the previous SSL certificate on your Windows server. By using the Windows Certificate store functionality   ...
showing posts tagged with 'ssl'