Need help with geting HTTPS working with Rebex Tiny Web Server

Question

I can not figure out were to start on setting up a cert for HTTPS. I paid for a cert buy can not get it to work.

They sent me three files a

Security Certificate a .CRT file
PKCS # 7 Certificate a .p7b file
CA-Bundle file a .ca-bundle file

Tiny Web server has two files a .cer and .pfx

The only section is the config file lets you specify the "serverCertificateFile". I tried point to those files. It did not work. I also cut and past the certificate info and that did not work. What do I need to do?

Answer 1

The Rebex Tiny Web Server can accept only .pfx, which contains (public) certificate and associated (private) key.

It seems you need to combine all the files into a .pfx file.

I suppose that the .crt file contains the required private key in PEM format. View the file, it should start with -----BEGIN PRIVATE KEY----- or -----BEGIN ENCRYPTED PRIVATE KEY-----.

The .p7b file should start with -----BEGIN PKCS7-----.

You need to first convert .p7b into PEM as described here:

openssl pkcs7 -print_certs -in cert.p7b -out cert.pem

The .pem file should start with -----BEGIN CERTIFICATE-----.

Then you can create .pfx file as described here:

openssl pkcs12 -export -out cert.pfx -inkey cert.crt -in cert.pem

---

Or check, whether your certificate vendor can provide .pfx certificate directly.

Comments

I have tried everything and can not get this to work.  I tried what you posted.   I exported the private key using the app 'certlm'. It exported a .pfx file. I tried that and it did not work.  I converted the .pfx file to a pem to get my private key and followed your openssl commands to create a .pfx file.  It did not work also.  Any advice?

Update:  I got it working

The default install files are

server.certificate.cer
server.certificate.pfx

When I remove them and start the app they get regenerated.  If I add my new .pfx file a .cer file is not created.  Should I  provide the .cer file from something?

Update:  I got it working.

---

Great that you were able to make it working.
Can you please share how you solved it in case somebody else encounter the same issue?

---

This is a crazy answer.  I used a on-line company that  provided the certificate to get things to work.  They sent it in .p7b format.  I had to convert it to a PEM, export a key in windows.  Then convert those files to a .pfx.  I did all that and it did not work.

This is the crazy part. I did not have port 443 forward to the PC running the web server.  Once I fixed that it came right up.

---

I had to renew my key and it is not working.  I received the certs that include these files.

seanhavanas.com.ca-bundle
seanhavanas.com.crt
seanhavanas.com.p7b

I typed this command to generate a .pem
openssl pkcs7 -print_certs -in seanhavanas.com.p7b -out seanhavanas.com.pem
And it worked.

Then I issued this command
openssl pkcs12 -export -out seanhavanas.com.pfx -inkey seanhavanas.com.crt -in seanhavanas.com.pem
That did not work.  I got this error
Could not find private key from -inkey file from seanhavanas.com.crt

---

It seems that the seanhavanas.com.crt file does not contain private key.
Please view the file, it should contain -----BEGIN PRIVATE KEY----- or -----BEGIN ENCRYPTED PRIVATE KEY-----.

If seanhavanas.com.crt does not contain the private key, this approach will not work. You need the private key as well.

---

Perhaps you generated the private key when you submitted the certification request to your certification authority?

---

I got it working again.  I had to use the certification authority to restate all the keys and it worked. I wish I could get a cert for 5 years.  They are making me update it every year.