Private Key with no deployment


#1

I used the most current version to issue a wildcard cert and selected the no deployment option. The cert was issued successfully and is stored locally on my pc, however, when I attempt to import this cert, into a Qnap NAS, the NAS is asking for the accompanying private key which I cannot find. I believe when I ran certbot via linux a while back it did generate both the cert and private key file. Any thoughts?

Thanks!


#2

Hi,

If you have exported the certificate from your local PC with windows Certificate Export wizard will give you a Yes/No prompt to export the private key as well (within the PFX file). This gives you a PFX file with both the certificate and the private key.

If you then need to convert that for the QNAP it would likely be using OpenSSL command line tools or similar, so you will need to use that to export the private key file and a .pem for the certificate:

openssl pkcs12 -in <filename>.pfx -nocerts -out key.pem
openssl pkcs12 -in <filename>.pfx -clcerts -nokeys -out cert.pem

#3

Thank you for the response. I never imported the cert to the pc since I was only using the pc to get the cert issued. But I do have the .pfx file saved in the directory. So you are saying I should be able to use OpenSSL command line to take that .pfx file and extract the cert and private key in two separate files?


#4

Yes, note also that the default PFX created by the app has a blank password, which may be useful to know when you are converting.