How to convert and upload a wildcard SSL certificate chain to Azure Gateway

Laurin Wandel 1 Reputation point
2022-08-03T10:16:10.84+00:00

I have a wildcard SSL certificate chain for *.mydomain.one. The certificates are pem files and look like:

Thawte RSA CA 2018.pem

DigiCert Global Root CA.pem

mydomain.one.pem

With the following begin/ending:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

When I want to add a certificate to an Azure Gateway in the listener section, it is required to be in pfx format. So I tried to convert the files with openssl pkcs12.

openssl pkcs12 -export -nokeys -in mydomain.one.pem -certfile DigiCert_Global_Root_CA.pem -certfile Thawte\ RSA\ CA\ 2018.pem -out mydomain.pfx  

When uploading to Azure it fails because the file has no private key. I also tried using one of the pem files as the private key, which fails during the pfx creation.

So my question is whether it's even possible to create a valid pfx file from these pem files and, if not, where and how to get the private key?


2 answers

  1. Rafael da Rocha 5,251 Reputation points
    2022-08-03T10:43:33.58+00:00

    The private key will probably be available on the computer that generated the CSR.
    Here's a blog post from DigiCert about that subject:

    Where Is Your Private Key?

    1 person found this answer helpful.

  2. KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator
    2022-08-10T06:23:30.577+00:00

    Hi @Laurin Wandel ,

    Welcome to the Microsoft Q&A Platform.
    I understand that you would like to understand where the private key of your .pem file is stored.

    • I suggested that the private key is something that should be internal to you/your organization.
    • Using this, the CSR file would be created.
    • It is possible that the private key is still available in the machine where you created the CSR.
    • You informed me you were able to get this resolved by getting the PKI reissued.

    Thanks,
    Kapil

    ----------------------------------------------------------------------------------------------------------------

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
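
Once the private key from the CSR machine has been located, the check and export discussed in this thread can be scripted as below. This is an added example, not part of the question or of either answer: it confirms that a key file really belongs to the wildcard certificate before building the PFX, and it rejects a certificate passed in place of a key. The function names, the file names in the usage line and the PFX_PASSWORD variable are assumptions, and the key is assumed to be unencrypted.

```bash
#!/usr/bin/env bash
# Added example. Function names, file names and PFX_PASSWORD are assumptions.

# key_matches_cert KEY CERT
# Succeeds only when KEY is a readable (unencrypted) private key whose public
# half equals the public key inside CERT. A certificate passed as KEY, as
# tried in the question, fails here because it holds no private key.
key_matches_cert() {
  pub_from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  pub_from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$pub_from_key" ] && [ "$pub_from_key" = "$pub_from_cert" ]
}

# build_pfx KEY LEAF CHAIN OUT
# CHAIN is one PEM file holding the CA certificates concatenated, e.g.
#   cat intermediate.pem root.pem > chain.pem
# The export password is read from the exported PFX_PASSWORD variable so it
# does not show up in the process list.
build_pfx() {
  if ! key_matches_cert "$1" "$2"; then
    echo "refusing to export: $1 is not the private key for $2" >&2
    return 1
  fi
  # The PFX contains the private key, so create it readable by the owner only.
  ( umask 077
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
      -out "$4" -passout env:PFX_PASSWORD )
}

# make_sample DIR: constructed test material (two unrelated self-signed pairs).
make_sample() {
  for name in leaf other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=$name.example.test" \
      -keyout "$1/$name.key" -out "$1/$name.pem" 2>/dev/null || return 1
  done
}

# Usage: PFX_PASSWORD=... ./build_pfx.sh server.key mydomain.one.pem chain.pem mydomain.pfx
if [ "$#" -eq 4 ]; then
  build_pfx "$@"
fi
```

If no candidate key on the CSR machine passes `key_matches_cert`, the key is lost and the certificate has to be reissued from a new CSR, which is how the thread was resolved.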
