我从GoDaddy获得了SSL证书,并下载了证书和两个文本文件。 我需要为Azure Web Service应用程序生成pfx文件。 Godaddy向我发送了两个.crt文件和两个文本文件,其中一个文本文件名为“generate-private-key.txt”。
问题1:私钥文本文件是否是OpenSSL pfx文件转换实用程序的有效输入密钥文件?
问题2:.crt文件名称中是否有任何指示以确定哪个文件用作OpenSSL实用程序的输入?
我发现这个很复杂。对我来说,拼凑这13个步骤相当于一个五扳手级别的Haynes手册。希望这可以帮到你,当然如果有哪些步骤可以简化,请提供反馈。
作为参考,我将我的应用程序托管在Azure上,并从Godaddy购买了通配符证书。
1. Create CSR (Certificate Signing Request):
a. Open IIS (start, type IIS, should get Internet Information Services, if not you may need to install IIS first) on your development machine locally,
b. Service Certificates, Create Certificate Request. Fill out your company details, these appear to be simple free text fields although I suspect the company name and address should match with what you've submitted to godaddy. Choose 2048 bit encryption.
c. Save CSR file on c: drive
2. Login to godaddy and rekey the certificate:
a. Login to godaddy, choose myproducts, certificates. Click your certificate then manage
b. Manage certificate section, paste in the text from your CSR file (open in notepad first locally) then 'add change'. Then 'Submit all changes'. It seemed to suggest then that I had to go all through domain verification now but this cleared when I refreshed after 5 minutes
3. Now in the 'Download Certificate' section, choose Server Type IIS then download zip file
4. Convert the crt file to a cer file:
a. Extract the files from the zip file
b. Double click the crt file,
c. Choose open, details tab, copy to file button then save the .cer file
5. Go back into IIS and choose 'Complete Certificate Request'. Feed it the .cer file you downloaded.
6. Chose a friendly name, I think this is only for your reference on your machine. Then ok. This should set your certificate up on your IIS locally.
7. Right click on the new certificate within IIS 'Server Certificates' section and choose export. Add a secure password (you'll need it later). You can now export the hallowed .pfx file
8. Login to azure, go to your appservice that you wish to secure, and choose the 'TLS/SSL settings' blade. Click the 'Private Key Certificates(.pfx) word at the top of the page (this is a tab).
9. Choose the plus button to the left of 'Upload Certificate'. Feed in your pfx file and your password from earlier.
10. Go back to bindings for your app. There is a small section marke 'Add TLS/SSL Binding' with a plus to the left of it, it looks like a heading but is in fact a button.
11. Your custom domain should be selectable (if not add a custom domain in the Custom Domains blade), choose your certificate that you uploaded in step 9, and choose SNI SSL. Add Binding button at the bottom.
12. Ensure the HTTPS Only slider is set to 'On'
13. Repeat for all your appservices.
openssl pkcs12 -export -out pfx.pfx pem.pem
不起作用。 - Richard Barracloughopenssl
命令在哪里输入?这似乎不是一个有效的命令行命令或程序。 - Jonathan Wood