How to get .pfx file from .cer and .key?
Solution 1
The req
command creates a certificate request by default, not a certificate. If you add the -x509
argument, it will self-sign the request using the provided key, and output a certificate instead. You should then be able to create the .pfx successfully.
Solution 2
Although, the question is answered, I would like to add a simpler solution.
There is no need to use any 3rd party tools (including OpenSSL) on Windows. You can use built-in certutil.exe
tool. Place both files in the same folder and give the same name to files (e.g. server.cer
and server.key
) and run the following command:
certutil -mergepfx path\server.cer
Certutil will expect to find a key file in the same folder with .key
file extension.
Ahmer Ali Ahsan
A results-driven, customer-focused, articulate and analytical Software Developer who can think “out of the box”. I am passionate about what I do and always give 100%. When I undertake a project or task, I don't just complete it, I go the extra mile and make it better than requested. 4 years of experience as a ASP.Net Developer Intermediate NodeJS - Angular 2,4,5,8 - MEAN Stack Developer Intermediate Firebase Data Structure Designer Also worked on fiverr.
Updated on June 12, 2020Comments
-
Ahmer Ali Ahsan almost 4 years
Before questioning here. I've searched a lot about my problem. And problem is still exists. Below is the references of posts, which I've already read.
How to create .pfx file from certificate and private key?
Convert a CERT/PEM certificate to a PFX certificate
How to get .pem file from .key and .crt files?
How to generate a .pfx file from a .cer file?
Overview
I'm working on:
Windows 10 64bit
IIS (Version 10.0.16299.15)
I've installed Win32 OpenSSL v1.1.0g
These are the files that I have available:
server.cer
server.key
What I've tried?
I have also tried various things from trawling through posts but my lack of experience in this area is really impeding my efforts.
Below commands I have tried in Terminal to create my
server.key
andserver.cer
file.set RANDFILE=c:\certificate\.md set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg c:\OpenSSL-Win32\bin\openssl.exe genrsa -out server.key 2048` c:\OpenSSL-Win32\bin\openssl.exe req -new -key server.key -out server.cer -config C:\OpenSSL-Win32\bin\openssl.cfg c:\OpenSSL-Win32\bin\openssl.exe pkcs12 -export -in server.cer -inkey server.key -out server.pfx
Error: unable to load certificates
What I want?
How to create .pfx file from certificate and private key? Let me know what I'm doing wrong in my code.
-
Ahmer Ali Ahsan over 6 yearsWhere I add
-x509
argument inc:\OpenSSL-Win32\bin\openssl.exe req -new -key server.key -out server.cer -config C:\OpenSSL-Win32\bin\openssl.cfg
-
Ahmer Ali Ahsan over 6 yearsFound my answer: By running this command
req -x509 -newkey rsa:2048 -nodes -keyout server.key -days 365 -out server.cer
and after that I runpkcs12 -export -in server.cer -inkey server.key -out server.pfx
.pfx
file generated successfully. Thanks for your help. -
Craig Nakamoto about 2 yearsThis still works as of Jan 2022 in PowerShell on Windows 11 and it is by far the easiest solution. You do need to specify the output file though: certutil -mergefx .\server.cer server.pfx