Dell ThinOS 10.x App Builder User Guide

Generating Certificates on Windows Using IIS

This topic outlines the steps to generate a Certificate Signing Request (CSR) and private key using Internet Information Services (IIS) on Windows.

1. Generate a CSR and Private key using IIS on Windows.
2. Extract Certificate and Private key from a .pfx file using OpenSSL.
   NOTE:A .pfx (PKCS#12) file contains both a private key and public key.
3. Extract the Public Certificate:

   openssl pkcs12 -in <filename.pfx> -clcerts -nokeys -out public_key.crt
   

   • -in <filename.pfx>: Specifies the input PFX file.
   • -clcerts: Extracts only the client certificate (excludes CA certificates).
   • -nokeys: Excludes the private key.
   • -out public_key.crt: Output file for the public key.
4. Extract the Private Key:

   openssl pkcs12 -in <filename.pfx> -nocerts -nodes -out private_key.pem
   

   • -nocerts: Excludes all certificates, extracts only the private key.
   • -nodes: Outputs the private key-in plain text (not encrypted).
   • -out private_key.pem: Output the file for the private key.

   The private key is stored in plain text. Handle and store securely.
5. After running the commands, you obtain:
   • public_cert.crt–the public key certificate.
   • private_key.pem–the private key in PEM format.

   These files are used to create customer installed (CI) application packages.