fszlin / certes

A client implementation for the Automated Certificate Management Environment (ACME) protocol
MIT License

How to generate public and private keys #303

Open mmsw-git opened 1 year ago

mmsw-git commented 1 year ago

Hello, I would like to ask you for help. I am using the following .NET 4.8 code for PFX saving, which is good for IIS.

```vb
' ES256 = ECDSA key on the P-256 curve (not RSA)
Dim privateKey = KeyFactory.NewKey(KeyAlgorithm.ES256)
Dim cert As CertificateChain = Await myOrder.Generate(New CsrInfo With {
    .CommonName = dr, .CountryName = "CZ", .State = "Czech",
    .Locality = "", .Organization = "", .OrganizationUnit = "CA"}, privateKey)

' Bundle certificate chain and private key into a password-protected PFX
Dim pfxBuilder = cert.ToPfx(privateKey)
Dim pfxData = pfxBuilder.Build(dr, My.Settings.pfxPassword)
Dim pfxFileName = Path.Combine(My.Settings.pfxFolder, dr & ".pfx")
File.WriteAllBytes(pfxFileName, pfxData)
```

I need to have separate private and public keys for the streaming software Unreal Media Server. Would you be so kind as to point me to some resources on how to export these files?

Thank you very much, Miroslav

webprofusion-chrisc commented 1 year ago

If you have a PFX file you can use OpenSSL to convert the file into a private key and public certificate file.

mmsw-git commented 1 year ago

Hello, I had the same idea and spent half a day on this task. It seems I can export the certificate and private key with a password, but when I try to remove the password, I get an error:

```
C:\mmsw\CertStore>"C:\Program Files\OpenSSL-Win64\bin\openssl" pkcs12 -in pfx\admin.mmsw.cz.pfx -out admin.mmsw.cz.key -nocerts -nodes
Enter Import Password:
C:\mmsw\CertStore>"C:\Program Files\OpenSSL-Win64\bin\openssl" rsa -in admin.mmsw.cz.key -out admin.mmsw.cz1.key
120900:error:0607907F:digital envelope routines:EVP_PKEY_get0_RSA:expecting an rsa key:crypto\evp\p_lib.c:469:
```

webprofusion-chrisc commented 1 year ago

Further solution posted here: https://community.letsencrypt.org/t/windows-certes-how-to-generate-public-and-private-keys/191056/10

You have the option of calling `.ToPem()` on both your key and certificate chain then saving that output to files, or for OpenSSL use `ec` instead of `rsa` because your private key here is ECDSA not RSA.
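
The `.ToPem()` route from the reply above, written out in VB.NET as an added example (not code from the thread or from the Certes project). `SavePem`, the `.crt`/`.key` file names and the ACL that limits the key file to the current Windows account are assumptions of this example; `privateKey` and `cert` are the variables from the original snippet.

```vb
Imports System.IO
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Text
Imports Certes
Imports Certes.Acme

Module PemExport
    ' Hypothetical helper: writes <name>.crt (certificate chain, PEM)
    ' and <name>.key (private key, PEM) into the given folder.
    Sub SavePem(privateKey As IKey, cert As CertificateChain,
                folder As String, name As String)
        ' Public part: the certificate chain as PEM text.
        File.WriteAllText(Path.Combine(folder, name & ".crt"),
                          cert.ToPem(), Encoding.ASCII)

        ' Private part: the PEM is written without a password, so the file
        ' is created with an ACL that drops inherited entries and allows
        ' only the account running this code (assumption of this example).
        Dim acl As New FileSecurity()
        acl.SetAccessRuleProtection(True, False)
        acl.AddAccessRule(New FileSystemAccessRule(
            WindowsIdentity.GetCurrent().User,
            FileSystemRights.FullControl,
            AccessControlType.Allow))

        ' The ACL is applied only when the file is newly created,
        ' so remove any previous export first.
        Dim keyPath = Path.Combine(folder, name & ".key")
        If File.Exists(keyPath) Then File.Delete(keyPath)

        Using fs = File.Create(keyPath, 4096, FileOptions.None, acl)
            Dim pem = Encoding.ASCII.GetBytes(privateKey.ToPem())
            fs.Write(pem, 0, pem.Length)
        End Using
    End Sub
End Module
```

If the media server runs under a different service account, that account needs its own read-only rule on the `.key` file.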