Certificate request with OpenSSL

When I need to send a certificate request to a certificate issuer, I find it best to use OpenSSL. I’ve seen people use IIS multiple times and fail, either because they cancel the request by making a new one, or because they import the certificate with the private key marked non-exportable and later need to move it to another computer. My previous post about exporting non-exportable certificates solves that, but I still prefer using OpenSSL.

In this case I’ll request a certificate called portal.mydomain.com

To make a certificate request, run

openssl genrsa -out portal.key 1024

You should now have a file called portal.key

Now run

openssl req -new -key portal.key -out portal.csr

You don’t have to supply a password when asked for it; just press Enter.

Run cat portal.csr

This text needs to be supplied to the certificate issuer, and you should get a .cer or .crt file back from them, or you can sign the certificate yourself:

openssl x509 -req -days 365 -in portal.csr -signkey portal.key -out portal.crt

Either way you’ll end up with a new .cer or .crt file.

Now you can export the certificate to make a .p12 that contains the private key and can be imported into a web server.

openssl pkcs12 -export -in portal.crt -inkey portal.key -out portal.p12

I retrieve the certificate to my Windows server by using PSCP.

Now I can import the certificate to my Windows server with the private key.

Open an elevated MMC and import the certificate.

When browsing, select All Files to view the .p12

Enter the password that you supplied when exporting the .p12. If you want to be able to export the certificate with the private key, mark the checkbox for exporting.

Now you should have a certificate with the private key.
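
The failure mentioned at the top of the post, where a new request replaces the key the certificate was issued for, shows up as a public-key mismatch. This added example (not the author's code) compares the public key in the key, CSR and certificate before the pkcs12 export step; the function names and the -subj value are assumptions, and it uses a 2048-bit key, the minimum publicly trusted CAs accept for RSA, where the post's command uses 1024.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the private key,
# the CSR and the issued certificate all carry the same public key.

# pubkey_hash TYPE FILE -> SHA-256 of the public key; TYPE is key, csr or crt.
pubkey_hash() {
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)   return 2 ;;
    esac
    # An unreadable file must never hash like an empty input and "match".
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# same_keypair KEY CSR CRT -> exit status 0 only if all three match.
same_keypair() {
    k=$(pubkey_hash key "$1") || return 1
    r=$(pubkey_hash csr "$2") || return 1
    c=$(pubkey_hash crt "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Demo on throwaway files in a temp directory (constructed sample data).
demo() (
    umask 077                       # key files readable by the owner only
    d=$(mktemp -d) || exit 1
    cd "$d" || exit 1
    openssl genrsa -out portal.key 2048 2>/dev/null
    openssl req -new -key portal.key -subj "/CN=portal.mydomain.com" -out portal.csr
    openssl x509 -req -days 365 -in portal.csr -signkey portal.key \
        -out portal.crt 2>/dev/null
    same_keypair portal.key portal.csr portal.crt &&
        echo "match: portal.key belongs to portal.crt"
    # A key generated later, as after starting a fresh request, does not match.
    openssl genrsa -out new.key 2048 2>/dev/null
    same_keypair new.key portal.csr portal.crt ||
        echo "mismatch: new.key does not belong to portal.crt"
    cd / && rm -rf "$d"
)

demo
```

On real files, run same_keypair portal.key portal.csr portal.crt once the issuer's certificate arrives and build the .p12 only when it returns 0.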
