No one probably wants to read this, but I couldn’t find the full end-to-end walkthrough on the internet, so I figured it should be there. Here are the steps (please suggest a faster way if you know of one!):
1. Export the Certificate using the MMC Snap In Tool (instructions found here but summarized below.
There are a bunch of ways to export a certificate, each of which misses various parts that you’ll need. This makes sure you get the cert chain and the private key:
- Start > Run type in “MMC” and click OK
- Go into the File Tab > select Add/Remove Snap-in
- Click on Certificates and click on Add.
- Select Computer Account > Click Next
- Select Local Computer > Click Finish
- Click OK to close the Add/Remove Snap-in window.
- Double click on Certificates (Local Computer) in the center window.
- Double click on the Personal folder, and then on Certificates.
- Right Click on the Certificate you would like to backup and choose > ALL TASKS > Export
- Follow the Certificate Export Wizard to backup your certificate to a .pfx file.
- Choose to ‘Yes, export the private key’
- Choose to “Include all certificates in certificate path if possible.” (do NOT select the delete Private Key option)
- Enter a password you will remember
- Choose to save file on a set location
2. Convert the binary pfx file into a .pem file with openssl (tip here, but reproduced below)
openssl pkcs12 -in publicAndprivate.pfx -out publicAndprivate.pem
3. Strip the password out of your private key
openssl rsa -in publicAndprivate.pem -out private.pem
4. Put the password-less private key into your .pem file
Open your “publicAndprivate.pem” file, and replace the private key section (marked with —–BEGIN RSA PRIVATE KEY—–) with the contents of your private.pem file.
That new file now has your cert, and password-less private key for uploading into a Coyote box. There may be a faster way (openssl may have a different combination of flags) but that did it for me.