How to create a .pfx certificate from a .cer whitout the private key?

Question

I would like to import an SSL certificate on an Microsoft Azure Website.

I generated the .csr request file using the windows command "certreq" direclty on mylaptop (not on the server).

I retrieved an CER certificate using this .csr file.

But know I'm blocked, the Azure websites page wants a .pfx file and refuse the .cer file.

I tried to use www.sslshopper.com to transform my .cer certificate into a .pfx file but it needs the private key...

So Here are my questions : * Can I transform a .cer to .pfx without a the private key ? * how can I get the private key used by the certreq command of my laptop ?

Thanks !

Bruce Chen Bruce Chen · Accepted Answer · 2016-12-19T07:39:08

As I known, certreq would store your private keys in your certificate store when it generates CSRs. And you need to finish the certificate request on the same computer where you generated the CSR request. There is issue about finding the private key after using certreq for CSR generation.

Based on your description, you could follow this tutorial to import your signed certificate into the windows local computer certificate store by using certreq, then click "Start > Run", type certmgr.msc to manage computer certificates, right click the certificate root node and choose "Find Certificates" to find your certificate as follows:

Click export your certificate, choose the option "export the private key", then export your certificate to .pfx file. Also, you could leverage DigiCertUtil to export your certificates.

Additionally, for more flexibility over your private key than certreq, you could use OpenSSL command line tool to generate your private keys and your certificate signing request instead of certreq. Also, for a simple way, you could use this GUI tool startcomtool to generate your CSR and export the certificates.

How to create a .pfx certificate from a .cer whitout the private key?

2 Answers