0

I have a PEM RSA private key generated with opendkim:

# dkim-genkey -t -s code001 -d domain.com

and to use it with Exchange, I need to convert it to PFX with this command:

# openssl pkcs12 -export -in code001.private -nodes -out code001.pfx -nokeys
Enter Export Password:
Verifying - Enter Export Password:
4192275:error:0D0C6070:asn1 encoding routines:ASN1_item_pack:encode error:asn_pack.c:170:

but I receive this error, and I don't know if this is the correct way to do that.

3 Answers

5

It fails because code001.private only contains an RSA key, while pkcs12 expects a certificate to go with it. In addition, as said by Stephane, the -nokeys option will cause openssl to skip the private key.

You can generate a certificate with

openssl req -new -x509 -key code001.private -out code001.pem

and fill in the interactive questions, then generate the pfx with

cat code001.private code001.pem | openssl pkcs12 -export -out code001.pfx
b0fh
1

The -nokeys parameter will cause OpenSSL not to include any private key in the output, and the -nodes parameter will ask it not to encrypt any private key. This is not going to result in a usable PKCS#12 file anyway.

Try it with:

openssl pkcs12 -export -in code001.private -out code001.pfx
Stephane
0

Try with: openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Diego Souza
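
The approach from the answers above (issue a self-signed certificate for the key, then run pkcs12 -export with key and certificate together) as a non-interactive script that also checks the result. This is an added example, not part of the original answers; the file names, certificate subject and password file are placeholders.

```sh
#!/bin/sh
# Added example (not from the original thread). File names, the certificate
# subject and the password file are placeholders chosen for illustration.
umask 077   # key, certificate and PFX are created readable by the owner only

# make_pfx KEY PFX PASSFILE [SUBJECT]
# Wrap a bare RSA private key in a PKCS#12 file by issuing a self-signed
# certificate for it first, since pkcs12 -export needs a certificate.
make_pfx() {
    key=$1 pfx=$2 passfile=$3 subject=${4:-/CN=code001.example.invalid}
    cert=$(mktemp) || return 1
    # -subj answers the interactive questions; -days sets certificate validity
    openssl req -new -x509 -key "$key" -subj "$subject" -days 365 -out "$cert" ||
        { rm -f "$cert"; return 1; }
    # -inkey/-in name key and certificate explicitly; no -nokeys, so the key
    # is included. The password is read from a file, not from argv.
    openssl pkcs12 -export -inkey "$key" -in "$cert" -out "$pfx" \
        -passout "file:$passfile"
    rc=$?
    rm -f "$cert"
    return "$rc"
}

# pfx_matches_key KEY PFX PASSFILE
# Succeeds only if the private key stored in the PFX has the same public
# key as KEY (guards against packaging the wrong key or no key at all).
pfx_matches_key() {
    want=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    got=$(openssl pkcs12 -in "$2" -passin "file:$3" -nocerts -nodes 2>/dev/null |
          openssl pkey -pubout 2>/dev/null)
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Usage: sh make_pfx.sh code001.private code001.pfx pass.txt
if [ "$#" -ge 3 ]; then
    make_pfx "$1" "$2" "$3" && pfx_matches_key "$1" "$2" "$3" &&
        echo "PFX written and key verified: $2"
fi
```

Reading the export password from a file keeps it out of the process list and shell history; remove the password file once the PFX has been imported.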