How to export certificate in pfx format?
What you’re seeing is a Windows limitation: It won’t let you use the PKCS12 format when you don’t have the certificate’s private key. Because you only imported a CER file, you don’t have the key.
If you absolutely must have a PKCS12 file containing only the certificate, use the following OpenSSL command:
openssl pkcs12 -export -nokeys -in certificate.cer -out pkcs12.pfx
Related videos on Youtube
n179911
Updated on September 18, 2022Comments
-
n179911 over 1 year
I am running Windows 10. I have install a certificate to my computer. I see that in my MMC. But when I try to export a pfx file for that certificate. That option is disable.
I was able to successfully export a pfx file for that certificate before on the SAME machine (say machine A). But then when I install the pfx file on another machine (say machine B) with the password that I specified. It did not work. It said password not correct or something like that. So I went back to the certificate machine (machine A), delete the certificate and install the certificate again.
Afterward, I was not longer able to export the pfx file again. Is there a way to fix this?
Can you please tell me how can I fix that?
And when I tried repairstore, I get Object was not found error:
C:\WINDOWS\system32>certutil -repairstore my 356000019dba8d5ddd348062b90000000001d my "Personal" CertUtil: -repairstore command FAILED: 0x80090011 (-2146893807 NTE_NOT_FOUND) CertUtil: Object was not found.
-
Admin over 8 yearsThe certificate probably doesn’t have the “Allow private key export” flag set. From what I gather, that means you’re out of luck. Or perhaps you don’t have a private key at all?
-
Admin over 8 yearsI was able to export to pfx file with the same certificate on the same machine before. Then I delete the certificate from the certificate store in my machine. And afterward, I am no longer able to export to pfx file. Can I fix that?
-
Admin over 8 yearsAfter deleting the certificate, how did you obtain a new copy? Are you sure you actually have the certificate’s private key?
-
Admin over 8 yearsI have the *.CER file. So I just reinstall the *.CER file.
-
-
Admin about 2 yearsThat worked for me, thanks. FWIW it's possible to export from .crt as well which seems to be fundamentally the same thing.
-
Admin about 2 yearsAlso, in case you need to specify your private key, just use something like:
openssl pkcs12 -export -out '<output>\<file>.pfx -inkey '<keyname>.key' -in '<certificate>.crt|cer'