Export SSL private key from Windows

The big difference between a named certificate (cucm.uccollabing.com) and a wildcard (*.uccollabing.com) beside the Common Name (CN) is that the first one can be used in ONE and only ONE place, the server/machine that generated the Certificate Signing Request (CSR); while the wildcard certificate on the other hand, can be used in multiple places.

Without getting into much details on how certificates work, just know that to prove the authenticity of any certificate there’s a relationship between two keys, the private key and public key. The private key is produced at the same time the  CSR is created and therefore it must be exported and combined with the signed certificate since both pieces are needed wherever the wildcard certificate is used.

I wanted to share how to obtain the private key if the CSR was generated using Windows.
0- Generate a CSR (This is a pre-requirement but for the sake of this article let’s assume the DigiCert Utility was used).
1- Open the Microsoft Management Console (Win+R and type mmc.exe)
2- Add the Certificates Snap-in for “Local Computer”.
3- Go to Certificate Enrollment Requests > Certificates.4- Export the appropriate certificate including the private key.

That’s it!
There a multiple ways to convert the PKCS#12 file to other formats. I prefer OpenSSL for Windows but online tools are also available.

>>>>>>

For OpenSSL the commands are:
To read the information: openssl pkcs12 -info -in export_cert.pfx
To combined with the signed cert: openssl pkcs12 -export -inkey privkey.pem -in signed_cert.pem -name “ACME Wildcard Cert” -out star_bundle.p12

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top