How to create pfx using openSSL with .cer file and PKCS#8 encrypted private key2019 Community Moderator ElectionLoad PKCS#8 binary key into RubyHow to convert pkcs8 key file to DER format in #C?openssl: No certificate matches private key / chained certificateConvert PEM traditional private key to PKCS8 private keyHow to create a self-signed certificate with OpenSSLHow to produce a PKCS8 private key encrypted by a symmetric key?Private Key changes between exports from a .PFX (PKCS#12) FilePadding errors using OpenSSL for encrypt/decrypt with Keys extracted from Digital CertCannot create pfx file from cer file with opensslConvert a .cer file to .pfx fileNo certificate matches private key - OpenSSL

Synchronized implementation of a bank account in Java

In what cases must I use 了 and in what cases not?

Geography in 3D perspective

Do native speakers use "ultima" and "proxima" frequently in spoken English?

Variable completely messes up echoed string

What should I install to correct "ld: cannot find -lgbm and -linput" so that I can compile a Rust program?

Turning a hard to access nut?

Four married couples attend a party. Each person shakes hands with every other person, except their own spouse, exactly once. How many handshakes?

Do US professors/group leaders only get a salary, but no group budget?

Light propagating through a sound wave

Help rendering a complicated sum/product formula

Do I need to be arrogant to get ahead?

Brake pads destroying wheels

Pronounciation of the combination "st" in spanish accents

Optimising a list searching algorithm

Maths symbols and unicode-math input inside siunitx commands

Usage and meaning of "up" in "...worth at least a thousand pounds up in London"

Why is indicated airspeed rather than ground speed used during the takeoff roll?

How to define limit operations in general topological spaces? Are nets able to do this?

A Ri-diddley-iley Riddle

Could Sinn Fein swing any Brexit vote in Parliament?

What does "^L" mean in C?

Can you move over difficult terrain with only 5 feet of movement?

How can my new character avoid being a role-playing handicap to the party?



How to create pfx using openSSL with .cer file and PKCS#8 encrypted private key



2019 Community Moderator ElectionLoad PKCS#8 binary key into RubyHow to convert pkcs8 key file to DER format in #C?openssl: No certificate matches private key / chained certificateConvert PEM traditional private key to PKCS8 private keyHow to create a self-signed certificate with OpenSSLHow to produce a PKCS8 private key encrypted by a symmetric key?Private Key changes between exports from a .PFX (PKCS#12) FilePadding errors using OpenSSL for encrypt/decrypt with Keys extracted from Digital CertCannot create pfx file from cer file with opensslConvert a .cer file to .pfx fileNo certificate matches private key - OpenSSL










0















Trying to use below command



openssl pkcs12 -export -in cert.cer -inkey cert.key -out cert.pfx


I'm seeing unable to load private key exception. openssl is expecting private key.



Private key in my case is pkcs#8 encrypted. I have password for encrypted private key. But openssl is not prompting for password.



I did made progress to convert private key to privatekey.pem using below command. I did find here 



openssl pkcs8 -inform DER -in file.key -passin pass:xxxxxxxx >private_key.pem





openssl







share|improve this question
























  • That command should work fine. So the problem is either with the private key or with the cer file, what are the error messages out of openssl. Can you verify the private key is ok and the cert file is ok with openssl? e.g. "openssl rsa -in cert.key -noout -text" The verification of the cert file will depend of the format. e.g. pem would be "openssl x509 -in cert.cer -noout -text".

    – Shane Powell
    Mar 7 at 18:15











  • I tried above eg "openssl rsa -in cert.key -noout -text" it says unable to load private key and for certificate it says error as unable to load certificate. errorcode: 0009006C pem routines: get_name: no start

    – Movva
    Mar 10 at 23:05







  • 1





    Look at the contents of cert.cer. Is it actually a cert in PEM format? Is it something else in PEM format? Is it not in PEM format at all? Describe it, or if not human-readable post a hex or similar dump of at least about the first 16 bytes.

    – dave_thompson_085
    Mar 10 at 23:50






  • 1





    PEM format is a base64 DER format with markup. So it's a text file you can open in a text editor. If it's binary, it's most like DER format. Try "openssl rsa -in cert.key -inform der -noout -text" and see it that works. If it's in DER format you need to convert it to PEM format for the pscs12 command to work.

    – Shane Powell
    Mar 11 at 0:18











  • Convert key from der to pem: openssl rsa -in cert.key -inform der -out cert.key.pem

    – Shane Powell
    Mar 11 at 0:23















0















Trying to use below command



openssl pkcs12 -export -in cert.cer -inkey cert.key -out cert.pfx


I'm seeing unable to load private key exception. openssl is expecting private key.



Private key in my case is pkcs#8 encrypted. I have password for encrypted private key. But openssl is not prompting for password.



I did made progress to convert private key to privatekey.pem using below command. I did find here 



openssl pkcs8 -inform DER -in file.key -passin pass:xxxxxxxx >private_key.pem





openssl







share|improve this question
























  • That command should work fine. So the problem is either with the private key or with the cer file, what are the error messages out of openssl. Can you verify the private key is ok and the cert file is ok with openssl? e.g. "openssl rsa -in cert.key -noout -text" The verification of the cert file will depend of the format. e.g. pem would be "openssl x509 -in cert.cer -noout -text".

    – Shane Powell
    Mar 7 at 18:15











  • I tried above eg "openssl rsa -in cert.key -noout -text" it says unable to load private key and for certificate it says error as unable to load certificate. errorcode: 0009006C pem routines: get_name: no start

    – Movva
    Mar 10 at 23:05







  • 1





    Look at the contents of cert.cer. Is it actually a cert in PEM format? Is it something else in PEM format? Is it not in PEM format at all? Describe it, or if not human-readable post a hex or similar dump of at least about the first 16 bytes.

    – dave_thompson_085
    Mar 10 at 23:50






  • 1





    PEM format is a base64 DER format with markup. So it's a text file you can open in a text editor. If it's binary, it's most like DER format. Try "openssl rsa -in cert.key -inform der -noout -text" and see it that works. If it's in DER format you need to convert it to PEM format for the pscs12 command to work.

    – Shane Powell
    Mar 11 at 0:18











  • Convert key from der to pem: openssl rsa -in cert.key -inform der -out cert.key.pem

    – Shane Powell
    Mar 11 at 0:23













0












0








0








Trying to use below command



openssl pkcs12 -export -in cert.cer -inkey cert.key -out cert.pfx


I'm seeing unable to load private key exception. openssl is expecting private key.



Private key in my case is pkcs#8 encrypted. I have password for encrypted private key. But openssl is not prompting for password.



I did made progress to convert private key to privatekey.pem using below command. I did find here 



openssl pkcs8 -inform DER -in file.key -passin pass:xxxxxxxx >private_key.pem





openssl







share|improve this question
















Trying to use below command



openssl pkcs12 -export -in cert.cer -inkey cert.key -out cert.pfx


I'm seeing unable to load private key exception. openssl is expecting private key.



Private key in my case is pkcs#8 encrypted. I have password for encrypted private key. But openssl is not prompting for password.



I did made progress to convert private key to privatekey.pem using below command. I did find here 



openssl pkcs8 -inform DER -in file.key -passin pass:xxxxxxxx >private_key.pem





openssl




openssl






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 10 at 22:57







Movva

















asked Mar 6 at 21:47









MovvaMovva

458




458












  • That command should work fine. So the problem is either with the private key or with the cer file, what are the error messages out of openssl. Can you verify the private key is ok and the cert file is ok with openssl? e.g. "openssl rsa -in cert.key -noout -text" The verification of the cert file will depend of the format. e.g. pem would be "openssl x509 -in cert.cer -noout -text".

    – Shane Powell
    Mar 7 at 18:15











  • I tried above eg "openssl rsa -in cert.key -noout -text" it says unable to load private key and for certificate it says error as unable to load certificate. errorcode: 0009006C pem routines: get_name: no start

    – Movva
    Mar 10 at 23:05







  • 1





    Look at the contents of cert.cer. Is it actually a cert in PEM format? Is it something else in PEM format? Is it not in PEM format at all? Describe it, or if not human-readable post a hex or similar dump of at least about the first 16 bytes.

    – dave_thompson_085
    Mar 10 at 23:50






  • 1





    PEM format is a base64 DER format with markup. So it's a text file you can open in a text editor. If it's binary, it's most like DER format. Try "openssl rsa -in cert.key -inform der -noout -text" and see it that works. If it's in DER format you need to convert it to PEM format for the pscs12 command to work.

    – Shane Powell
    Mar 11 at 0:18











  • Convert key from der to pem: openssl rsa -in cert.key -inform der -out cert.key.pem

    – Shane Powell
    Mar 11 at 0:23

















  • That command should work fine. So the problem is either with the private key or with the cer file, what are the error messages out of openssl. Can you verify the private key is ok and the cert file is ok with openssl? e.g. "openssl rsa -in cert.key -noout -text" The verification of the cert file will depend of the format. e.g. pem would be "openssl x509 -in cert.cer -noout -text".

    – Shane Powell
    Mar 7 at 18:15











  • I tried above eg "openssl rsa -in cert.key -noout -text" it says unable to load private key and for certificate it says error as unable to load certificate. errorcode: 0009006C pem routines: get_name: no start

    – Movva
    Mar 10 at 23:05







  • 1





    Look at the contents of cert.cer. Is it actually a cert in PEM format? Is it something else in PEM format? Is it not in PEM format at all? Describe it, or if not human-readable post a hex or similar dump of at least about the first 16 bytes.

    – dave_thompson_085
    Mar 10 at 23:50






  • 1





    PEM format is a base64 DER format with markup. So it's a text file you can open in a text editor. If it's binary, it's most like DER format. Try "openssl rsa -in cert.key -inform der -noout -text" and see it that works. If it's in DER format you need to convert it to PEM format for the pscs12 command to work.

    – Shane Powell
    Mar 11 at 0:18











  • Convert key from der to pem: openssl rsa -in cert.key -inform der -out cert.key.pem

    – Shane Powell
    Mar 11 at 0:23
















That command should work fine. So the problem is either with the private key or with the cer file, what are the error messages out of openssl. Can you verify the private key is ok and the cert file is ok with openssl? e.g. "openssl rsa -in cert.key -noout -text" The verification of the cert file will depend of the format. e.g. pem would be "openssl x509 -in cert.cer -noout -text".

– Shane Powell
Mar 7 at 18:15





That command should work fine. So the problem is either with the private key or with the cer file, what are the error messages out of openssl. Can you verify the private key is ok and the cert file is ok with openssl? e.g. "openssl rsa -in cert.key -noout -text" The verification of the cert file will depend of the format. e.g. pem would be "openssl x509 -in cert.cer -noout -text".

– Shane Powell
Mar 7 at 18:15













I tried above eg "openssl rsa -in cert.key -noout -text" it says unable to load private key and for certificate it says error as unable to load certificate. errorcode: 0009006C pem routines: get_name: no start

– Movva
Mar 10 at 23:05






I tried above eg "openssl rsa -in cert.key -noout -text" it says unable to load private key and for certificate it says error as unable to load certificate. errorcode: 0009006C pem routines: get_name: no start

– Movva
Mar 10 at 23:05





1




1





Look at the contents of cert.cer. Is it actually a cert in PEM format? Is it something else in PEM format? Is it not in PEM format at all? Describe it, or if not human-readable post a hex or similar dump of at least about the first 16 bytes.

– dave_thompson_085
Mar 10 at 23:50





Look at the contents of cert.cer. Is it actually a cert in PEM format? Is it something else in PEM format? Is it not in PEM format at all? Describe it, or if not human-readable post a hex or similar dump of at least about the first 16 bytes.

– dave_thompson_085
Mar 10 at 23:50




1




1





PEM format is a base64 DER format with markup. So it's a text file you can open in a text editor. If it's binary, it's most like DER format. Try "openssl rsa -in cert.key -inform der -noout -text" and see it that works. If it's in DER format you need to convert it to PEM format for the pscs12 command to work.

– Shane Powell
Mar 11 at 0:18





PEM format is a base64 DER format with markup. So it's a text file you can open in a text editor. If it's binary, it's most like DER format. Try "openssl rsa -in cert.key -inform der -noout -text" and see it that works. If it's in DER format you need to convert it to PEM format for the pscs12 command to work.

– Shane Powell
Mar 11 at 0:18













Convert key from der to pem: openssl rsa -in cert.key -inform der -out cert.key.pem

– Shane Powell
Mar 11 at 0:23





Convert key from der to pem: openssl rsa -in cert.key -inform der -out cert.key.pem

– Shane Powell
Mar 11 at 0:23












1 Answer
1






active

oldest

votes


















0














Below are commands I used to convert to Pfx.



Converted certificate to pem



openssl x509 -inform der -in certificate.cer -out certificate.pem


converted key to pem



openssl pkcs8 -inform DER -in file.key -passin pass:xxxxxxxx >private_key.pem


converted to pfx using above key and certificate pem files. I need to use csp for my case. But it is optional. 



 openssl pkcs12 -export -in certificate.pem -inkey private_key.pem -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" -out cert.pfx





share|improve this answer






















    Your Answer






    StackExchange.ifUsing("editor", function ()
    StackExchange.using("externalEditor", function ()
    StackExchange.using("snippets", function ()
    StackExchange.snippets.init();
    );
    );
    , "code-snippets");

    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "1"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55032686%2fhow-to-create-pfx-using-openssl-with-cer-file-and-pkcs8-encrypted-private-key%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Below are commands I used to convert to Pfx.



    Converted certificate to pem



    openssl x509 -inform der -in certificate.cer -out certificate.pem


    converted key to pem



    openssl pkcs8 -inform DER -in file.key -passin pass:xxxxxxxx >private_key.pem


    converted to pfx using above key and certificate pem files. I need to use csp for my case. But it is optional. 



     openssl pkcs12 -export -in certificate.pem -inkey private_key.pem -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" -out cert.pfx





    share|improve this answer



























      0














      Below are commands I used to convert to Pfx.



      Converted certificate to pem



      openssl x509 -inform der -in certificate.cer -out certificate.pem


      converted key to pem



      openssl pkcs8 -inform DER -in file.key -passin pass:xxxxxxxx >private_key.pem


      converted to pfx using above key and certificate pem files. I need to use csp for my case. But it is optional. 



       openssl pkcs12 -export -in certificate.pem -inkey private_key.pem -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" -out cert.pfx





      share|improve this answer

























        0












        0








        0







        Below are commands I used to convert to Pfx.



        Converted certificate to pem



        openssl x509 -inform der -in certificate.cer -out certificate.pem


        converted key to pem



        openssl pkcs8 -inform DER -in file.key -passin pass:xxxxxxxx >private_key.pem


        converted to pfx using above key and certificate pem files. I need to use csp for my case. But it is optional. 



         openssl pkcs12 -export -in certificate.pem -inkey private_key.pem -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" -out cert.pfx





        share|improve this answer













        Below are commands I used to convert to Pfx.



        Converted certificate to pem



        openssl x509 -inform der -in certificate.cer -out certificate.pem


        converted key to pem



        openssl pkcs8 -inform DER -in file.key -passin pass:xxxxxxxx >private_key.pem


        converted to pfx using above key and certificate pem files. I need to use csp for my case. But it is optional. 



         openssl pkcs12 -export -in certificate.pem -inkey private_key.pem -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" -out cert.pfx






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Mar 14 at 20:38









        MovvaMovva

        458




        458





























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55032686%2fhow-to-create-pfx-using-openssl-with-cer-file-and-pkcs8-encrypted-private-key%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            AWS Lex not identifying response if by a variable The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) The Ask Question Wizard is Live! Data science time! April 2019 and salary with experienceEnforcing custom enumeration in AWS LEX for slot valuesHow to give response based on user response in Amazon Lex?Intercepting AWS Lambda Response to a AWS Lex QueryLex chat bot error: Reached second execution of fulfillment lambda on the same utteranceamazon lex showing invalid responseLambda response send back to Lex slot?Response card in Amazon lexAmazon Lex - Lambda response return HTML to botHow can I solve 424 (Failed Dependency) (python) obtained from Amazon lex?

            Image
            Do working physicists consider Newtonian mechanics to be "falsified"? Match Roman Numerals Derivation tree not rendering How can I protect witches in combat who wear limited clothing? Is above average number of years spent on PhD considered a red flag in future academia or industry positions? Relations between two reciprocal partial derivatives? Take groceries in checked luggage He got a vote 80% that of Emmanuel Macron’s Why not take a picture of a closer black hole? Is every episode of "Where are my Pants?" identical? Problems with Ubuntu mount /tmp Why is superheterodyning better than direct conversion? Are spiders unable to hurt humans, especially very small spiders? Can undead you have reanimated wait inside a portable hole? What is special about square numbers here? Python - Fishing Simulator Is this wall load bearing? Blueprints and photos attached Can a 1st-level character have an ability score above 18? Semisimplicity of ...
            Read more

            Алба-Юлія

            Image
            Алба-Юлія рум.  Alba Iulia герб прапор Православний собор в Алба-Юлії Основні дані 46°04′35″ пн. ш. 23°34′22″ сх. д.  /  46.07638888891677453° пн. ш. 23.57277777780577921° сх. д.  / 46.07638888891677453; 23.57277777780577921 Координати: 46°04′35″ пн. ш. 23°34′22″ сх. д.  /  46.07638888891677453...
            Read more

            Захаров Федір Захарович

            Image
            Федір Захарович Захаров Федір Захаров, 1986 рік Народження 5 вересня 1919 ( 1919-09-05 ) Олександрівське [d] , Смоленська губернія , Російська СФРР Смерть 29 вересня 1997 ( 1997-09-29 ) (78 років)   Ялта , Автономн...
            Read more