Convert .cer and .key files to .pfx file using OpenSSL
Question
I'm looking at the Convert PEM to PFX section on https://www.sslshopper.com/ssl-converter.html :
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
Why are there two .crt files? I have only one.
1 answers
solution1
1 ACCPTED 2020-02-27 19:10:09
The PFX file can holds a certificate chain from the main certificate/private key to issuer certificates to the CA certificate.
Normally I don't include the CA certificate as this should already be in all the machine CA lists anyway, but it is a good idea to include all the intermediate certificates.
The "-certfile" is the example above looks to be including the CA certificate (ie the issuer of the certificate.crt certificate).
The "-certfile" is optional, so you don't need to provide it if you don't have a CA or intermediate certificates.
You would normally get any intermediate or CA certificates from the CA that generated the certificate for you. You use the "-certfile" argument for each additional certificate you want to add to the pfx file.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.