Whilst installing ADFS I needed to import my wildcard certificate. This proved fiddly, as Microsoft needs it to be in PFX format and I only had separate private .key and public .crt files.
PFX is a Microsoft certificate format that combines the public and private keys into one file, but is different from the combined format used by (e.g.) OpenSSL. I found that I had to go through several steps to achieve this.
Your CRT public key file should start with the following (open it in notepad to check):
-----BEGIN CERTIFICATE-----
Convert the private key into a PVK file
If you open your private key file (e.g. in notepad) and it says
-----BEGIN RSA PRIVATE KEY-----
then you’ll need to convert it into a PVK file. A PVK file is a binary file, so it’ll have lots of non-alphanumeric characters in it. To do the conversion, I used a utility called pvk written by Dr Stephen N Henson (thank you!). The command line for pvk.exe is:
pvk.exe -in rcmtech_private.key -out rcmtech_private.pvk -topvk
You’ll be prompted for a password, and you do need to specify one or the next step in the process will fail.
Download the Windows SDK
Now you need a utility called pvk2pfx. Annoyingly this only comes as part of the Windows SDK, so you need to download that first. Once you’ve pulled it down (it is several GB), you’ll find pvk2pfx in the following folder:
C:\Program Files (x86)\Windows Kits\10\bin\x64\pvk2pfx.exe
Create the PFX file
The command line for pvk2pfx.exe is:
pvk2pfx.exe /pvk rcmtech_private.pvk /spc rcmtech_public.crt /pfx rcmtech.pfx
You’ll get a pop-up asking for your PVK file password, which you specified when creating it using pvk.exe. If you didn’t specify a password and just hit Enter on this pop-up, you’ll get an error: ERROR: Password incorrect. (Error Code = 0x80070056).
You should now find yourself with a PFX file, which you can use to import into Windows (e.g. ADFS config wizard).
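The whole procedure as one PowerShell script, added here as an example (it is not part of the original post): it checks the PEM headers described above, runs pvk.exe and pvk2pfx.exe with the arguments used in the post, and then confirms with Get-PfxCertificate that the PFX really carries a private key before it goes anywhere near ADFS. It assumes pvk.exe sits in the current folder and that pvk2pfx.exe is at the SDK path given above; the file names are the post's.

```powershell
# Added example, not code from the original post. Wraps the post's pvk.exe and
# pvk2pfx.exe steps with the checks the post describes, then verifies the result.
# Assumptions: pvk.exe is in the current folder; pvk2pfx.exe is at the SDK path
# quoted in the post; file names are the post's defaults.
param(
    [string]$PrivateKey  = 'rcmtech_private.key',
    [string]$Certificate = 'rcmtech_public.crt',
    [string]$Pvk         = 'rcmtech_private.pvk',
    [string]$Pfx         = 'rcmtech.pfx',
    [string]$PvkExe      = '.\pvk.exe',
    [string]$Pvk2PfxExe  = 'C:\Program Files (x86)\Windows Kits\10\bin\x64\pvk2pfx.exe'
)
$ErrorActionPreference = 'Stop'

# Same check the post asks you to do by eye in Notepad: the first line of each
# PEM file must be the expected header, otherwise the conversion is pointless.
function Test-PemHeader([string]$Path, [string]$Expected) {
    $first = Get-Content -Path $Path -TotalCount 1
    if ($first -ne $Expected) {
        throw "$Path starts with '$first', expected '$Expected'"
    }
}
Test-PemHeader $Certificate '-----BEGIN CERTIFICATE-----'
Test-PemHeader $PrivateKey  '-----BEGIN RSA PRIVATE KEY-----'

# Step 1: PEM private key -> binary PVK. pvk.exe prompts for a password;
# set one, or pvk2pfx.exe fails later with error code 0x80070056.
& $PvkExe -in $PrivateKey -out $Pvk -topvk
if ($LASTEXITCODE -ne 0) { throw "pvk.exe failed with exit code $LASTEXITCODE" }

# Step 2: PVK + CRT -> PFX. A dialog asks for the PVK password from step 1.
& $Pvk2PfxExe /pvk $Pvk /spc $Certificate /pfx $Pfx
if ($LASTEXITCODE -ne 0) { throw "pvk2pfx.exe failed with exit code $LASTEXITCODE" }

# Step 3: open the PFX and make sure the private key is actually inside it,
# so the ADFS wizard does not fail on a public-only bundle.
# Get-PfxCertificate prompts for the PFX password.
$cert = Get-PfxCertificate -FilePath $Pfx
if (-not $cert.HasPrivateKey) { throw "$Pfx does not contain a private key" }
"$Pfx OK: $($cert.Subject), expires $($cert.NotAfter)"
```

Because no PFX password is given to pvk2pfx.exe, the PFX is protected with the same password as the PVK; keep that file and password as carefully as the original .key, since it now holds the private key of a wildcard certificate.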
