none
SSL .pfx generated on MAC OSX

    Question

  • This is the command that generated the .pfx file on MAC OSX

    openssl pkcs12 -export -out ec.pfx -inkey private.key -in EquestrianCloud.com.crt 

    When I upload to Azure Website I get hit with the below error and the upload fails. 

    Can someone help me understand.

    Back to progress operations
    At least one certificate is not valid (The certificate provided is invalid. The certificate Enhanced Key Usage must be present in a certificate and contain Server Authentication (1.3.6.1.5.5.7.3.1).).

    Steps I took to create and upload the SSL Cert to Azure

    Generated .certSigningRequest through Mac's keychain program.

    Give that to GoDaddy & they give me a .crt & .p7b file.

    I run the following command in the terminal to generate the .pfx file.

    openssl pkcs12 -export -out ec.pfx -inkey private.key -in EquestrianCloud.com.crt 

    I upload the .pfx to Azure & get the error above.

    Patrick

    Thursday, August 01, 2013 7:48 PM

Answers

All replies

  • Hi,

      >> When I upload to Azure Website I get hit with the below error and the upload fails. 

    From my experience, one possible cause is the certificate does not have a Server Authentication purpose. This is required if you want to enable SShttp://www.openssl.org/support/community.html.L on a server, such as in Windows Azure. For how to generate a certificate with Server Authentication purpose using openssl, I'd like to suggest you to try to contact http://www.openssl.org/support/community.html

    Best Regards,

    Ming Xu


    Ming Xu
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Sunday, August 04, 2013 10:02 AM
  • Thanks for your helpful info.

    Still stuck on this, Not sure what to do , I may have to move my website and venture off Azure on to HP Cloud or Amazon.  

    Having a website that has SSL is important and I only have a MAC OSX at the moment.

    Friday, August 16, 2013 8:00 PM
  • Hi LismoreAzure,

    Thanks for your update information.

    For now, I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Best Regards,

    Ming Xu


    <THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
    Thanks
    MSDN Community Support

    Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

    Monday, August 19, 2013 5:59 AM
  • Can you check to see if the certificate contains Server Authentication (1.3.6.1.5.5.7.3.1).) in the "Enhanced Key Usage".
    Open the certificate mmc, double-click on the certificate, go to the details tab-->Look for "Enhanced Key Usage".
    If this is not present, then you will need to modify to contact the vendor that issued the certificate.

    If this extension is present, look on the general tab of the certificate to see if it has a private key that corresponds to the certificate.

    Monday, August 19, 2013 3:23 PM
  • hi LismoreAzure,

    About this issue, Ming and Imtiaz all supplied some helpful and useful info, So I will mark this this thread as answer, if you find it no help, please fell free to unmark.
    Thanks!


    Will
    <THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
    Thanks
    MSDN Community Support

    Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.


    Saturday, August 31, 2013 7:43 AM