2
votes

Before questioning here. I've searched a lot about my problem. And problem is still exists. Below is the references of posts, which I've already read.

How to create .pfx file from certificate and private key?

Convert a CERT/PEM certificate to a PFX certificate

How to get .pem file from .key and .crt files?

How to generate a .pfx file from a .cer file?

Overview

I'm working on:

Windows 10 64bit

IIS (Version 10.0.16299.15)

I've installed Win32 OpenSSL v1.1.0g

These are the files that I have available:

  • server.cer

  • server.key

What I've tried?

I have also tried various things from trawling through posts but my lack of experience in this area is really impeding my efforts.

Below commands I have tried in Terminal to create my server.key and server.cer file.

set RANDFILE=c:\certificate\.md

set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg

c:\OpenSSL-Win32\bin\openssl.exe genrsa -out server.key 2048`

c:\OpenSSL-Win32\bin\openssl.exe req -new -key server.key -out server.cer -config C:\OpenSSL-Win32\bin\openssl.cfg

c:\OpenSSL-Win32\bin\openssl.exe pkcs12 -export -in server.cer -inkey server.key -out server.pfx

Output enter image description here

Error: unable to load certificates

What I want?

How to create .pfx file from certificate and private key? Let me know what I'm doing wrong in my code.

2

2 Answers

1
votes

The req command creates a certificate request by default, not a certificate. If you add the -x509 argument, it will self-sign the request using the provided key, and output a certificate instead. You should then be able to create the .pfx successfully.

6
votes

Although, the question is answered, I would like to add a simpler solution.

There is no need to use any 3rd party tools (including OpenSSL) on Windows. You can use built-in certutil.exe tool. Place both files in the same folder and give the same name to files (e.g. server.cer and server.key) and run the following command:

certutil -mergepfx path\server.cer

Certutil will expect to find a key file in the same folder with .key file extension.