I want to combine my rsa.public with my rsa.private to a .pfx that I can use to digitally sign an xml file

Question

Here is the code I have so far:

for the private key:

openssl genrsa -out rsa.private 1024

for the public key:

openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM

Then I'm trying to generate a cert with OpenSSL with the proper X.509 extensions in order to pack it into a PFX/PKCS12 file:

openssl req -key .ssh/id_rsa -new -x509 -days 730 -out .ssh/id_rsa.crt

And I receive this error:

req: Use -help for summary. 
error in req

Can anyone help me understand what I am doing wrong? Conceptually, I just want to create a .pfx with private key file + public file not using a domain name so that I may digitally sign a file. Do not want a password with the .pfx file.

Andrew Schulman · Answer 1 · 2023-01-17T18:12:59.150

1

You create a PKCS12 file with openssl pkcs12, like this:

openssl pkcs12 -in rsa.public -inkey rsa.private -export -password pass: -out rsa.pfx

THe -password pass: means an empty password. See the manual pages for pkcs12 and openssl.

edited Jan 17 '23 at 18:12

answered Nov 19 '20 at 15:06

Andrew Schulman

8,811
21
32
47

I want to combine my rsa.public with my rsa.private to a .pfx that I can use to digitally sign an xml file

1 Answers1