通过mmc申请,自行百度哈
common name 写多个
例如 a.cvb.com
*.a.cvb.com
DNS写多个要与common name一致
例如 a.cvb.com
*.a.cvb.com
设置证书含有私有key
申请后得到p7b格式的证书
安装证书,并邮件导出private key
- Export the private key from the pfx file
1 | openssl pkcs12 -in myCert.pfx -nocerts -out key.pem |
It will prompt you for an Import Password. You should enter in the one password you created when exporting the cert from IIS
- Remove the password and Format the key to RSA
For the purpose of Amazon Web Services Elastic Load Balancer you’ll need it in RSA format and without the password.
1 | openssl rsa -in key.pem -out server.key |
It will prompt you for a pem passphrase. This would be the passphrase you used above.
Now the key will be accepted by the ELB.
- Export the certificate file from the pfx file
1 | openssl pkcs12 -in myCert.pfx -clcerts -nokeys -out cert.pem |
You will be prompted for an Import Password, enter the password you created when exporting the cert from IIS. It will prompt you for a PEM passphrase, enter one if you’d like, then again to confirm it. This will create your cert.pem file and can be directly uploaded to ELB.
- Convert PKCS #7 (.p7b) to PEM using OpenSSL
Run the following OpenSSL command:
1 | openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer |