stackoom
  简体   繁体   中英

OpenSSL create pfx certificate

 原文  2021-11-02 03:28:41       ssl/ openssl/ certificate

Question

I have create.pem file from.cert file using the below line in openssl.exe:

OpenSSL> x509 -inform der -in C:\Certificate\Binary_Certificate_245568.cer -out C:\Certificate\Binary_Cert.pem

It worked without any issues.

Then when I try to generate the pfx file from.cert and.pem file using the following statement I get error:

OpenSSL> pkcs12 -inkey C:\Certificate\Binary_Cert.pem -in C:\Certificate\Binary_Certificate_245568.cer -export -out C:\Certificate\SGS_VS_CERT.pfx

unable to load private key
34359836736:error:08064066:object identifier routines:OBJ_create:oid exists:crypto/objects/obj_dat.c:698:
34359836736:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:
error in pkcs12

Can anyone please advise what I am doing wrong as I need to generate.pfx file. Thanks

1 answers

solution1
 0  2022-03-12 14:58:44

You can follow steps given below in order to create.pfx certificate by combining the external CA issued server(.cer), intermediate(.cer) and root(.cer) certificates into one file (.pfx) on redhat linux server using openssl tool:

A) To run below command for generating the CSR in linux using openssl tool -

[user@machine]$ openssl req -new -nodes -newkeys rsa:2048 -keyout myapp.mydomain.com.key -out myapp.mydomain.com.csr -sha256

Note: -nodes means 'NOT TO USE DES ALOGORITHM' and create multiple backup of this key file, which will be used again during certificate renewal.

B) To generate.pfx ( certificate chain sequence to be SERVER-CER --> INTERMEDIATE-CERT --> ROOT-CERT ) in linux using openssl.

  • SERVER-CERT myapp.mydomain.com.cer
  • INTERMEDIATE-CERT myintermediatecert.com.cer
  • ROOT-CERT myrootcert.cer
  • KEY FILE myapp.mydomain.com.key

STEP 1 - To combine all certificates in one pem certificate(myapp.mydomain.pem) using command 'cat' in redhat.

[user@machine]$ cat myapp.mydomain.com.cer myintermediatecert.com.cer myrootcert.cer > myapp.mydomain.com.pem (output pem cert)

STEP 2 - To convert PEM to PFX by importing the private key with password configured.

[user@machine]$ openssl pkcs12 -export -out myapp.mydomain.com.pfx -inkey myapp.mydomain.com.key -in myapp.mydomain.com.pem

Note: you will get an option to set the password to output.pfx file.

STEP 3: To verify.pfx file using openssl by entering the password.

[user@machine]$ openssl pkcs12 -in myapp.mydomain.com.pfx -info

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Create a SSL certificate with openssl Cannot create pfx file from cer file with openssl Trying to create a password-protected PFX file results in openssl error: " Trying to generate a pfx from crt and private key from GoDaddy using openssl fails with No certificate matches private key Create pfx file from Symantec code signing certificate Create a PFX File from GoDaddy Issued Private Key and Wildcard Certificate How to revoke certificate ".pfx"? SSL = Cannot create certificate for IIS (Cannot create PFX file from KEY+Certificate+RootCa) Cannot create OpenSSL S/MIME certificate in PHP Create a new TLS certificate signed by an intermediate certificate using openssl
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM