0

I followed these steps to create CSR using opnssl

  • openssl genrsa -out IIS2019.key 2048
  • openssl rsa -in IIS2019.key -pubout -out IIS2019_public.key
  • openssl req -new -key IIS2019.key -out IIS2019.csr

I Copied the CSR in noip.com for generating free ssl certificate "Trustcor Standard DV" for my website hosted on VMware IIS WS2019. They provided me certificate in 4 formats

  • apptrade_zapto_org.pem-chain
  • apptrade_zapto_org.pkcs7
  • apptrade_zapto_org.pem
  • apptrade_zapto_org.der

I have Windows Server 2019 installed on my VmWare and now I want to add this ssl to my website running on IIS 10 running on WS2019 on VMWare but now I can't find this record in my Add https SiteBinding for ssl certificate dropdown? Also when I return back again to Server Certificae on my webserver I find the grid empty with previously added record missing.

I even tried to use *.cer instead of *.pem while adding server certificate by converting apptrade.zapto.org.pem to apptrade.zapto.org.cer using below powershell command

openssl x509 -outform der -in apptrade_zapto_org.pem -out apptrade_zapto_org.cer

but faced same issue with this method also.

I even tried to repeat the same steps on my Windows 10 machine with IIS-10 and still faced same issue there as well.

Note: The issue is happening only when I generate ssl certificate using openssl CSR method. If I however generate CSR using mmc(microsoft management console) by following process mentioned here then I face no issue.

enter image description here

Hemendr
  • 673
  • 6
  • 12

2 Answers2

1

You cannot use "Complete Certificate Request..." because you didn't generate the CSR via "Create Certificate Request...".

You need to merge the private key with the certificate, and then use "Import..." into IIS Manager.

More information can be found in this post

Lex Li
  • 60,503
  • 9
  • 116
  • 147
  • That was reall helpful @Lex Li. Thank you very much. I was successfull able to add certificate using openssl by following your suggestion!. – Hemendr Jul 01 '22 at 20:47
1

First I would like to thank Lex Li for answering my question. I was able to add ssl certificate using openssl by following advice of Lex Li and in his commets he has mentioned link that explains the solution in more detail. However I am just adding steps that I took for others to refer.

Step-1: Generate Private Key using openssl

openssl genrsa -out myServerPrivate.key 2048

Step-2: Generate CertificateRequest to be submitted to CA using openssl

openssl req -out myServerCertificateRequest.csr -key myServerPrivate.key -new -sha256

Step-3: Submit myServerCertificateRequest.csr to CA and download your certificate in any of these format (.pem-chain, .pkcs7,.der,.pem, *.cer)

Step-4: Generate myServerCertificate.pfx from myServerCertificate.pem-chain (you can use any format insted of *.pem-chain). In this step you will be asked "Enter Export password" so choose your passward that will be required later in Step-5 during import certifiate in IIS.

openssl pkcs12 -export -in myServerCertificate.pem-chain -inkey myServerPrivate.key -out myServerCertificate.pfx

Step-5: Import your myServerCertificate.pfx in IIS Manager via Import menu item in Actions panel and enter the passward when prompted.

Hemendr
  • 673
  • 6
  • 12