An SSL certificate and private key can be stored in many formats. Sometimes, it may be necessary to convert from one format to another. One such case is where you have a private and public key (certificate) in PKCS12 (PFX-file) format, and need the individual certificate and private key in X509 format. You can use OpenSSL to perform the conversion.
A PFX-file generally contains both the private and public key (certificate) and is usually secured with a passphrase. If the PFX-file you want to convert is secured with a password, you will need this in order to perform the conversion. If you do not have the password, there's no way to reset this and the PFX-file will be unusable. When performin ...
Even when using Exchange SSL certificates that are signed by an internal CA, you will still occasionally have to renew them. Using EAC (https://your-exchange-server/ecp), this should be pretty straightforward, or is it?
After logging on to EAC, and navigating to "Servers" → "Certificates", select the expired certificate, then on the right pane, you can click "Renew" to generate a certificate signing request with all the proper SANs. This CSR can then be used with your internal CA to sign the request and generate a new certificate.
Unfortunately, you will most likely hit a snare: the CSR generated by the Exchange server does not contain any certificate tem ...
Certain Certificate Authority providers, such as GoDaddy allow you to renew an SSL certificate using the same CSR and private key. This greatly simplifies the procedure to renew a certificate, but this can also complicate things if you don't have your private key readily available.
On a server running ADFS 3.0 for instance, you do not have IIS available to allow an easy SSL certificate renewal (or even a request). Or perhaps, you lost the current private key, or it is located somewhere where it's not easily accessible.
Luckily, there's a fairly easy way to extract the private key from the previous SSL certificate on your Windows server. By using the Windows Certificate store functionality ...
You can use the CertReq command line tool to request SAN SSL certificates. This can be useful where you have an internal (web)server which also needs to be available using another (alternate) DNS name.
First create a template file you can use, specifying the required parameters. Save it with a name, e.g. request.inf and save it to a temporary (work) folder (or simply your desktop):
;----------------- request.inf -----------------[Version]Signature="$Windows NT$"[NewRequest]Subject = "CN=SERVER1.domain.com, OU=Some OU, O=Organization, L=City, S=State, C=US";Subject = "CN=SERVER1.domain.com"KeySpec = 1KeyLength = 2048; Can be 2048, 4096, 8192, or 16384.; Larger ...