转换为P7B为PFX天青 [英] convert p7b to pfx for Azure

问题描述

我试图安装端点Azure上。

I am trying to setup endpoints for Azure.

我获得了一个.p7b文件，但我需要用私钥对Azure的一个.pfx文件。

I was given an .p7b file but I need a .pfx file with private key for Azure.

有没有办法转换我的.p7b到.PFX？

Is there a way to convert my .p7b to .pfx?

推荐答案

好吧，这里是整个Azure的SSL证书胡言乱语破败。我与GoDaddy做到了这一点（比一个更从他们的知识渊博的技术支持的人之一的帮助下位）。另请注意，我已经做到了这一点在Windows 8专业版;你的经验可能会略有不同和/或您的里程可能会有所不同; - ）

Ok, here is a rundown on the whole Azure SSL certificate rigmarole. I've done this with GoDaddy (and more than a bit of help from one of their knowledgeable tech support guys). Also note that I've done this on Windows 8 Pro; your experience might be slightly different and/or your mileage may vary ;-)

[免责声明：我在这个领域的专家很远。我想AP preciate如果有人谁真正知道这个东西就这个校对，编辑作为必要的，删除此评论]

[Disclaimer: I'm far from expert in this subject. I would appreciate if someone who really knows this stuff would proofread this, edit it as necessary, and remove this comment.]

支付你的钱给一个CA（证书颁发机构）购买SSL证书。

Pay your money to a CA (Certificate Authority) to buy an SSL certificate.

创建CSR（证书签名请求）

现在你需要创建一个企业社会责任，这是你必须提供给CA，以便为他们创造你的证书文本。 CSR包含一对夫妇条信息：

Now you need to create a CSR , which is text that you must supply to the CA in order for them to create your certificate. The CSR contains a couple of pieces of information:

1. 与证书相关联的域的名称。


2. 公用密钥与证书关联。请注意，你给CA的CSR不包含相应的私钥。

您使用IIS管理器在PC上创建本地CSR。注：IIS将包含在Windows，但不是默认安装的。 [我会离开安装IIS作为练习对学生的详细信息。也许有些善良的人会编辑这个答案，并在这些细节填写。]

You create the CSR locally on your PC using IIS Manager. Note: IIS is included with Windows, but is not installed by default. [I'll leave the details of installing IIS as an exercise for the student. Maybe some kind person will edit this answer and fill in those details.]

要创建CSR：

1. 运行IIS管理器


2. 选择（双击）服务器证书


3. 在操作窗格中在窗口的右侧，点击创建证书请求。通用名是与证书相关联的域名。在其余字段识别您的公司。


4. IIS管理器中会询问加密服务提供商和位长。您必须至少选择至少有2048位长度。


5. IIS管理器将创建一个公钥/私钥对。公钥包含在IIS管理器中为您创建CSR文本文件。私钥地方藏匿您的电脑上（我在个人密钥存储承担）。

要建立企业社会责任 - 你也可以参考在<一的详细步骤href=\"http://support.godaddy.com/help/article/4800/generating-a-certificate-signing-request-csr-microsoft-iis7?pc_split_value=3\"相对=nofollow> GoDaddy的网站。相当有帮助。

To create CSR - you can also refer the detailed steps at godaddy site. quite helpful.

现在，回到你的CA的网站，并找到了在线工具，可以让你创建你所购买的证书。它会要你做的第一件事就是粘贴（或上传）企业社会责任的文本。后您通过CA的跳火圈，您会收到一个或多个证书文件回从他们身上。

Now, go back to your CA's website and find the online tool that lets you create the certificate that you purchased. The first thing it will want you to do is to paste (or upload) the CSR text. After you jump through your CA's hoops, you will receive one or more certificate files back from them.

安装证书文件到IIS

GoDaddy的为您提供了两个文件：一个P7B文件和CRT文件

GoDaddy gives you two files: a p7b file and a crt file.

CRT的文件包含您的公证书。但你不能（还）上传到你的网站托管服务提供商，因为它不包括相关的私钥。该网站的主机需要私钥以及公钥，因为它会替您做终端到终端的加密。

The crt file contains your public certificate. But you can't (yet) upload it to your web hosting provider because it doesn't include the associated private key. The web host needs the private key as well as the public key because it will be doing end-to-end encryption on your behalf.

的P7B文件包含了构成证书链，让您的待验证证书到你的CA证书换句话说，当有人来到你的网站，并获得证书，声称你的网站是由Acme.com运行，该证书链可以让他们的浏览器确认CA先天不足为您的身份。

The p7b file contains the certificates that comprise the "certificate chain" that allows your certificate to be verified up to your CA. In other words, when someone comes to your website and gets your certificate that claims that your website is run by Acme.com, this certificate chain lets that person's browser verify that your CA vouches for your identity.

注意，GoDaddy的P7B文件可以免费从他们的网站。另外请注意，你可能不需要包含在此文件中的证书，因为你的电脑可能已经拥有这些证书烤成其收藏的知名CA。

Note that GoDaddy's p7b file is freely available from their website. Also note that you probably don't need the certificates contained in this file because your PC probably already has these certificates baked into its collection of known CAs.

现在，您需要将公共证书，你的私钥相结合，结果存储在受密码保护的文件PFK

Now you need to combine your public certificate with your private key and store the result in a password-protected pfk file.

重新进入IIS管理器创建的CSR在同一台机器上，导航回服务器证书页面，然后点击完成证书申请（在操作屏幕的右侧窗格中）。

Get back into IIS Manager on the same machine that created the CSR, navigate back to the Server Certificates page, and click on Complete Certificate Request (in the Actions pane on the right side of the screen).

1. 告诉向导使用您从CA接收的证书文件（对我来说，这是一个CRT文件，但如果您的CA使用不同的编码方法可能是一个不同的文件类型）。


2. 友好名称也许应该是您的域名


3. 告诉向导的密钥存储在您的个人存储

要安装证书到IIS，从的 GoDaddy的网站帮助可能会有所帮助。

To install the certificates into IIS, these detailed steps from godaddy site help may be helpful.

获取PFX文件

您现在应该看到在IIS管理器的服务器证书页面上列出的新证书。选择证书并将其导出为一个PFX文件（通过操作屏幕右侧的窗格）。

You should now see your new certificate listed on the Server Certificates page in IIS Manager. Select that certificate and export it as a pfx file (via the Actions pane on the right side of the screen).

现在你可以去 https://manage.windowsazure.com （在Windows Azure管理门户）选择您的网站或云服务，并上传PFX文件到Azure的证书存储区。

Now you can go to https://manage.windowsazure.com (the Windows Azure management portal), select your website or cloud service, and upload the pfx file to the Azure certificate store.

哇。祝你好运...

这篇关于转换为P7B为PFX天青的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！