Get Private Key and certificate from pfx file

1.       Get Private Key and certificate from pfx file (for this we need to install the SSL certificate):

a.       open cmd and go to the installation directory of openSSL

C:\Users\admin>cd %Installed Path of openSSL%

b.       Run the following commands:

C:\OpenSSL-Win32>set openssl_Home=%Installed Path of openSSL%

C:\OpenSSL-Win32>set openssl_conf=%Installed Path of openSSL%\bin\openssl.cfg

C:\OpenSSL-Win32>set path=%Installed Path of openSSL%

c.       Go to bin directory:

C:\OpenSSL-Win32>cd bin

d.       Run the below command to convert pfx file

C:\OpenSSL-Win32\bin>openssl pkcs12 -in mydomain.pfx -nodes

Here you will get private key and certificate

Time on my EC2 windows instance changed automatically

Configure Windows time sync:

First ensure that you can get time from a NTP server, otherwise the instructions below are not going to work.
To test, get the current variance from an NTP server using the following Windows Time service command
w32tm /stripchart /samples:5 /computer:pool.ntp.org /dataonly

In a VPC we had to open UDP port 123 for inbound connections in the NAT security group.

To configure NTP time sync in Windows

1. Registry edit - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient
Set SpecialPollInterval to polling interval in seconds (we set ours to 60).
2. Registry edit - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Parameters
Set Type to NTP
3. Run the following commands to configure the time servers (can use other servers, we're using 4 time servers - 0.pool.ntp.org, time.nist.gov, 1.pool.ntp.org, and 2.pool.ntp.org)

net stop w32time

w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org,0x1 time.nist.gov,0x1 1.pool.ntp.org,0x1 2.pool.ntp.org,0x1"

net start w32time

To review the config
w32tm /query /configuration

To check the sync against a time server
w32tm /stripchart /samples:5 /computer:pool.ntp.org /dataonly