Convert .pem and .pub to .pfx file

StackOverflow https://stackoverflow.com/questions/19023410

  •  29-06-2022
  •  | 
  •  

Domanda

I have a .pem file and a .pub file, I used following commands to create them

openssl genrsa -out temp.pem 1024
openssl rsa -in temp.pem -pubout -out temp.pub

Now I want to make them to a one .pfx file which is binary and contains both private and public key. Is it possible? how? (I have tested som openssl commands but the file was empty).

I used this command 

 openssl pkcs12 -export -in temp.pem -inkey temp.pub -out temp.pfx -name "Temp Certificate"

it generates this error:

unable to load private key 17880:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_li b.c:703:Expecting: ANY PRIVATE KEY

È stato utile?

Soluzione

You get the error because, for the -inkey argument, you have to specify a private key; not a public key.

OpenSSL's pkcs12 command doesn't provide a way to consolidate public and private keys into a single file. It is specifically used to consolidate certificates and private keys into a single file. In the above case, what you have is a public key, not a certificate.

From the man page:

-in filename The filename to read certificates and private keys from, standard input by default. They must all be in PEM format. The order doesn't matter but one private key and its corresponding certificate should be present. If additional certificates are present they will also be included in the PKCS#12 file.

Note that it specifically mentions that one private key and its corresponding certificate should be present. The command that I typically use to generate a PKCS#12 file is:

openssl pkcs12 -export -in cert.pem -inkey private.key -out file.pfx -name "My Certificate"

Altri suggerimenti

I stumbled upon this and noticed the above accepted answer does not really offer a solution.

Basically you need to generate a [self signed] certificate from the private key, using commands like this:

openssl req \
   -key domain.key \
   -new \
   -x509 -days 365 -out domain.crt

You can use openssl commands to convert your private key PEM to a .KEY file.

From there you can use openssl commands to convert your key and cert to pfx:

openssl pkcs12 -export -out domain.pfx -inkey domain.key -in domain.crt
Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top