Sometimes a certificate is needed for demo or test purposes and there are several web sites which provide these for free. One of these sites is SSLforFree. When you let this site create all files for you (as opposed to providing a CSR) you will be provided with three files:
- Private.key. As the name implies this is the private key of the assymetric key pair. Never share this key for any other reason than importing it at the host you want to enable SSL on.
- Certificate.crt. This is the CA-signed public key.
- Ca_bundle.crt. This is the complete certificate chain to enable subjects to verify the validity of your certificate.
These certificates are in PEM format which is the most common format that Certificate Authorities issue certificates in. PEM certificates usually have extentions such as .pem, .crt, .cer, and .key. They are Base64 encoded ASCII files and contain “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” statements. Server certificates, intermediate certificates, and private keys can all be put into the PEM format.
However, when you want to use these certificates, for example to enable HTTPS on a Microsoft Azure web site, the certificate must be in PFX-format.
The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys.
You can convert your certificate from PEM to PFX via OpenSSL with the following command:
openssl pkcs12 -export -out out-cert.pfx -inkey private.key -in certificate.crt -certfile ca_bundle.crt
The command will ask you to set a password. This password must be provided when you import the resulting out-cert.pfx file into Azure.
For information on how to install OpenSSL on Windows, please see How to install the most recent version of OpenSSL on Windows 10 in 64 Bit.