How to import an OpenSSL key file into the Windows Certificate Store


To test if the private key is installed for the certificate, double-click the certificate icon in certmgr.msc. If it has a private key, it will show a message in the property page that you have a private key; otherwise it will not give any reference to the private key.

Certificate with a private key


To import the certificate with its private key, you can do the following:

  1. Pack the certificate and its private key into a PKCS #12 file or PFX file using openssl pkcs12. Here's an example.
  2. Import this PKCS #12 or PFX file into the certificate store.

Note that you may see errors when importing the pfx file, such as 'This file is invalid for use as the following: Personal Information Exchange'. This error was caused by the certificate lacking the appropriate X.509 v3 extensions (such as the usage fields (digital signature, etc.)).
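The two steps above as a PowerShell session, followed by a check that the store entry really has its private key and a look at the usage extensions the import error refers to. This is an added example, not part of the original answer; the file names and the PFX_PASS variable name are assumptions, and openssl is assumed to be on the PATH.

```powershell
# Added example. File names below are assumptions; substitute your own.
$certPem = 'client-cert.pem'   # assumed name: PEM certificate
$keyPem  = 'client-key.pem'    # assumed name: PEM private key
$pfx     = 'client.pfx'        # assumed name: PKCS #12 output

# Fail early if an input is missing: openssl can leave an output file behind
# even when the export itself failed.
foreach ($f in $certPem, $keyPem) {
    if (-not (Test-Path -LiteralPath $f)) { throw "Input file not found: $f" }
}

# Read the export password without echo and hand it to openssl through an
# environment variable, so it does not appear on the command line.
$secure = Read-Host -Prompt 'PFX export password' -AsSecureString
$env:PFX_PASS = [System.Net.NetworkCredential]::new('', $secure).Password
try {
    # Step 1: pack certificate and key into one PKCS #12 file.
    & openssl pkcs12 -export -in $certPem -inkey $keyPem -out $pfx -passout env:PFX_PASS
    if ($LASTEXITCODE -ne 0) {
        Remove-Item -LiteralPath $pfx -ErrorAction SilentlyContinue
        throw "openssl pkcs12 failed with exit code $LASTEXITCODE"
    }
} finally {
    Remove-Item Env:PFX_PASS -ErrorAction SilentlyContinue
}

# Step 2: import into the current user's Personal ("My") store.
$cert = Import-PfxCertificate -FilePath $pfx -CertStoreLocation Cert:\CurrentUser\My -Password $secure

# Check that the store entry is linked to a private key.
if (-not $cert.HasPrivateKey) { throw "Imported $($cert.Thumbprint) without a private key" }

# Show the X.509 v3 usage extensions carried by the certificate.
$ku  = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
$eku = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
[pscustomobject]@{
    Subject       = $cert.Subject
    Thumbprint    = $cert.Thumbprint
    HasPrivateKey = $cert.HasPrivateKey
    KeyUsage      = if ($ku)  { $ku.KeyUsages } else { '(none)' }
    EnhancedUsage = if ($eku) { $eku.EnhancedKeyUsages.FriendlyName -join ', ' } else { '(none)' }
}

# The PFX holds the private key; delete it once the import has succeeded.
Remove-Item -LiteralPath $pfx
```

Import-PfxCertificate marks the key as non-exportable unless -Exportable is passed, which is the safer default for a credential that only needs to be used from the store.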

Author: Gearoid Murphy

https://www.linkedin.com/in/gearoid-murphy-a6003983/

Updated on March 14, 2020

Comments

  • Gearoid Murphy over 4 years

    I've got an OpenSSL-generated X.509 certificate in PEM format and its associated key file. This certificate is required for authentication when connecting to a prototype server. This works fine on Linux. I've been using the Microsoft SChannel API to drive SSL/TLS connections on Windows platforms but I want to use the same test certificate. I can right-click on the certificate file and import it into my certificate store but I believe that the private key is not imported with it (even though I've concatenated them into the same file).

    When I go to run the SChannel code, I get a 'SEC_E_NO_CREDENTIALS' error when I init the security context (via InitializeSecurityContext). I suspect this means that the private key is missing.

    Does anyone know how to test the presence or absence of a private key in a certificate which is located in the Personal (or 'My') certificate store, accessed via 'certmgr.msc'? Is it possible to import a new key file for a certificate in the store?

    Any insight or advice would be much appreciated.

    • Daniel Frey about 11 years
      What a cute puzzle, I'm still trying to find the C++ question in there...
    • Gearoid Murphy about 11 years
      Fair point, I've removed the tag
  • doptimusprime over 7 years
    I got that error on a test certificate. So, I corrected the certificate. In case you got the error, get it reissued.
  • N-ate over 7 years
    Note, it creates the file even if there is a problem. I missed an error message during the combining of the cert with the private key file. It didn't find one of the files.