I followed the steps from but it was only part of my problem. The PFX file generated after his steps still wasn't accepted by Azure. Here's the complete solution.

Combine the CRT files (ServerCertificate.crt then Intermediate.crt then root.crt) into a single chain.pem file.

Then export this file as a PFX using openssl:

openssl.exe pkcs12 -in chain.pem -inkey PRIVATEKEY.key -export -out myPrivateCert.pfx

Then import this PFX file into MMC (Microsoft Management Console). Important that when you import it that you check "Mark this key as exportable."

Once the PFX file is imported you need to right click on the server certificate and then "export" it. When exporting be sure to check "Yes, export the private key". Then on the next page choose "PFX" option, then check "Export all extended properties". Give the file a password, then save the file.

The PFX file generated from the MMC app will upload to the Azure Portal correctly.

I'm not an expert in SSL certificates so I'm not sure if all of these steps are necessary, I just know that they worked for me. I also have no clue the differences between the PFX file generated by OpenSSL and the PFX file generated by MMC, but clearly there's a difference and Azure prefers the latter.

ssh-keygen can be used to convert public keys from SSH formats in to PEM formats suitable for OpenSSL. Private keys are normally already stored in a PEM format suitable for both.

However, the OpenSSL command you show generates a self-signed certificate. This certificate is not something OpenSSH traditionally uses for anything - and it definitely is not the same thing as a public key only.

OpenSSH does have support for certificates as well, but it is likely that you are not using this support. Also, these certificates are not X.509, so they are incompatible with OpenSSL.

The certificate contains information that is not present anywhere else and each certificate is unique and can not be recreated at will. This means that you need to store the X.509 certificate, in addition to the private key, if you wish to use the same key for both OpenSSL and OpenSSH.

If you just want to share the private key, the OpenSSL key generated by your example command is stored in private.pem, and it should already be in PEM format compatible with (recent) OpenSSH. To extract an OpenSSH compatible public key from it, you can just run:

ssh-keygen -f private.pem -y > private.pub