Convert .pfx to .pem Format

I needed to get .pem’s out of a .pfx recently for an application that did not have an easy method to upload a .pfx.  It ran on top of a debian distro so I figured it was easier to just drop the .pem’s where they need to be, but then I realized I’ve never taken a .pfx and split it up before.  Perfect time to figure it out right?  Luckily the issue wasn’t all that important (was a test/dev thing), so that’s just what I did.  Here is what I came up with:

1.) Install OpenSSL on a machine

2.) Copy .pfx file to that computer

3.) Run the following to get the key.pem:

4.) Run the following to get the crt.pem

That should do it for you.  Do with them what you will!

Sources:

Adobe Blog Post

StackPath Support Article

Renewing Let’s Encrypt Certificates with certbot-auto

I had some trouble renewing a certificate on a web server today with a particularly “wonky” configuration if you will.  The standard certbot methods I would normally use just would not work for me so I had to dig a little deeper into the more “advanced” certbot setups.  This brought me to the certbot documentation where I read that the certbot-auto script might be able to help me out, so I gave it a shot and it worked!  I started by downloading the script and changing the permissions as instructed:

I threw it in a home directory, but that is really dealers choice.  Once I had that complete I simply ran the following command and was off to the races:

 

Create Custom CSR with Exportable Private Key

This is just one of those things that always seems to slip my mind so I am going to throw it on here.

 

Start by opening MMC and adding the Certificates snap-in for the local computer.

Select the Personal store, right click in the open area, hover All Tasks, hover Advanced Operations, and select Create Custom Request…

Select Next on the Before You Begin page.  On the Select Certificate Enrollment Policy window, select Custom Request: Proceed without enrollment policy and select Next.

Confirm the Template option on the Custom request window is set to No template with PKCS #10 format and select Next.

Select Details on the Certificate Information window and then select properties.

Type in a Friendly name and, if you wish, a Description and select the Subject tab.

In the Subject name section select Common name, fill in the value appropriately, and select Add.  You can also add others such as Locality, State, Country, etc. if you wish and select the Private Key tab.

Under the Cryptographic Service Provider select 2048 for the Key size and select the Make private key exportable option.

Select Apply/OK and select next.  Browse or type in where you would like to store the csr and select finish.

Send that csr off to the CA your working with, or sign it with an internal CA and you’re off to the races.