Showing posts from November, 2014

Getting a Certificate Signing Request from a Certificate

Now that Chrome is complaining about certificates that are only SHA-1, it was time to Re-key our certificates to SHA-2. One problem: we no longer had the original CSR.

Here's how to get a CSR to give to your certificate supplier from your pfx file using openssl

openssl pkcs12 -in mycert.pfx -nocerts -out key.pem -nodes
openssl pkcs12 -in mycert.pfx -nokeys -out cert.pem
openssl rsa -in key.pem -out server.key
openssl x509 -x509toreq -in cert.pem  -signkey server.key -out CSR.csr