I am trying to setup my private domain but I don’t seem to have a way to get my private key off the certificate I created in Windows. Can you help me understand how to do this?
Hi Scott 3 Rep. I hope this helps you in directing your quest, a friend of mine once used an article from namecheap.com’s knowledge base that was like this:
Windows operating systems (IIS, Exchange, Small Business server)
Windows systems do not allow retrieving the private key in plain text. When an SSL certificate is imported either through MMC or IIS, the matching private key is bound to the certificate automatically, of course, if the certificate is being imported to the same instance the key was generated on. But if we need to get the private key for example for the certificate installation on another server, there is an option to export the key in a password protected file (PFX or PKCS12 format). To do so, you will need to open MMC Certificates snap-in in the following way:
Win+R > mmc.exe > OK > File > Add/Remove Snap-in > Certificates > Add > Computer account > Next > Local computer > Finish > OK
Then navigate to Certificate Enrollment Requests > Certificates (if the certificate request was not completed) or Personal > Certificates (if the certificate request was already completed) folder, right-click on the certificate entry and click All Tasks > Export to open the export wizard. More details on the export process can be found here.
As a result, you will receive a .pfx file containing the key. To get the key in plain text, you can convert the .pfx into PEM encoded files using tool (PKCS#12 to PEM option).
Thanks Sutchata, I ended up figuring it out using ssladmin on a Mac and it essentially did the same thing for me as the tool you linked to above.
Personally I’m not sure I would be comfortable sending my .pfx and password to a service like that as essentially they would then have your private key and cert and could spoof using your certificate.
Thanks for the pointer though.