Export SSL private key from Windows
Besides the Common Name (CN), the big difference between a named certificate (cucm.uccollabing.com) and a wildcard certificate (*.uccollabing.com) is that the first can be used in ONE and only ONE place, the server/machine that generated the Certificate Signing Request (CSR), while the wildcard certificate can be used in multiple places.
Without getting into much detail on how certificates work, just know that proving the authenticity of any certificate relies on a relationship between two keys, the private key and the public key. The private key is produced at the same time the CSR is created, so it must be exported and combined with the signed certificate, since both pieces are needed wherever the wildcard certificate is used.
I wanted to share how to obtain the private key if the CSR was generated using Windows.
0- Generate a CSR (this is a prerequisite, but for the sake of this article let’s assume the DigiCert Utility was used).
1- Open the Microsoft Management Console (Win+R and type mmc.exe)
2- Add the Certificates Snap-in for “Local Computer”.
3- Go to Certificate Enrollment Requests > Certificates.
4- Export the appropriate certificate including the private key.
For OpenSSL the commands are:
To read the information: openssl pkcs12 -info -in export_cert.pfx
To combine it with the signed cert: openssl pkcs12 -export -inkey privkey.pem -in signed_cert.pem -name "ACME Wildcard Cert" -out star_bundle.p12
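The two commands above leave out the step between them: getting privkey.pem out of the exported PFX. The following is an added example, not part of the original post, that extracts the key, checks that it belongs to the signed certificate, and only then builds the bundle. The PFX_PASS and P12_PASS variables, the function names and the self-signed demo certificate are assumptions.

```bash
#!/usr/bin/env bash
# Added example: function names, file names and passphrase variables are assumptions.
# Passphrases are read from the environment (PFX_PASS, P12_PASS) so they do not
# appear in the process list or in shell history.
umask 077   # files written below are readable by the owner only

# Pull the private key out of the PFX exported from the Windows certificate store.
# OpenSSL 3.x may need -legacy for PFX files protected with older algorithms.
extract_key() {            # extract_key <in.pfx> <out_key.pem>
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes -out "$2"
}

# Succeeds only if the certificate carries the public half of the private key.
key_matches_cert() {       # key_matches_cert <key.pem> <cert.pem>
  local from_key from_cert
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Build the deployable bundle, refusing a key/certificate pair that does not match.
bundle() {                 # bundle <key.pem> <signed_cert.pem> <out.p12>
  key_matches_cert "$1" "$2" || { echo "key and certificate do not match" >&2; return 1; }
  openssl pkcs12 -export -inkey "$1" -in "$2" -name "ACME Wildcard Cert" \
    -out "$3" -passout env:P12_PASS
}

# Constructed demo: a self-signed certificate stands in for the CA-signed one.
demo() {
  local d; d=$(mktemp -d) || return 1
  export PFX_PASS=demo-pfx-pass P12_PASS=demo-p12-pass
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.example.test" \
    -keyout "$d/orig.pem" -out "$d/signed_cert.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$d/orig.pem" -in "$d/signed_cert.pem" \
    -out "$d/export_cert.pfx" -passout env:PFX_PASS &&
  extract_key "$d/export_cert.pfx" "$d/privkey.pem" &&
  bundle "$d/privkey.pem" "$d/signed_cert.pem" "$d/star_bundle.p12" &&
  openssl pkcs12 -in "$d/star_bundle.p12" -passin env:P12_PASS -noout
  local rc=$?; rm -rf "$d"; return $rc
}
```

extract_key writes privkey.pem unencrypted, so delete it once star_bundle.p12 has been built and verified.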
I am a Cisco Certified Network and Collaboration Engineer (CCNP) with over 9 years of experience and a passion for all things technology. I have spent most of my time mastering the world of networking and collaboration, but still find myself dabbling in cloud computing and programming.
Solving problems and learning something new in the process is my favorite part of the job. Having an in-depth understanding of the technology is what has driven my success.