0

I bought a (E-mail ID Business (S/MIME)) certificate from certum, hoping to use to sign pdf files more affordable. They have send me the files in plain(pem) and in binary(cer).
Here is the file list I downloaded:

  • Certificate chain Certum Digital Identification CA SHA2.cer
  • Certificate chain Certum Digital Identification CA SHA2.pem
  • Certificate chain Certum Trusted Network CA.cer
  • Certificate chain Certum Trusted Network CA.pem
  • Certificate.cer
  • Certificate.pem

I tried to use below command to create p12 file.

"openssl.exe" pkcs12 -export -in D:\xampp_data\MIME\Certificate.cer -inkey D:\xampp_data\MIME\Certificate.cer -out Certificate.p12 -name "MyCert" -password pass:MyCert
  • When using the command with D:\xampp\php\extras\openssl\openssl.exe, windows 11 console does not gives any error. And there is no output file too.
  • When using the command with C:\Program Files\OpenSSL-Win64\bin\openssl.exe, windows 11 console gives below error. Win64 OpenSSL v3.0.5 Light
D:\xampp_data\MIME>"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" pkcs12 -export -in D:\xampp_data\MIME\Certificate.cer -out Certificate.p12 -name "MyCert" -password pass:MyCert
Could not read private key from -in file from D:\xampp_data\MIME\Certificate.cer
Tugalsan Karabacak
  • 315
  • 1
  • 11
  • **Any/every certificate is NOT a private key.** To sign anything, you must have BOTH the private key AND the certificate (often plus its intermediate or chain cert(s)). You generally create the private key when you create the CSR you send to the CA: with openssl this can be two steps e.g. `genpkey` or `genrsa` then `req -new`, or combined as `req [-new] -newkey`. And this isn't programming or development; security.SX would be more suitable. – dave_thompson_085 Oct 05 '22 at 15:21
  • Before using lets encrypt, I have used comodo for domain ssl certificate. There, yes I am familiar with creating a key to start the process. But for personal signing certificate certum did not asked any. I think it is better I try to reach them with email, and return my findings here. – Tugalsan Karabacak Oct 05 '22 at 21:02
  • certum response: your certificate was generated using CSR. After issuing the certificate using this method, there is no pfx file to download. I am sending below a link to our application and instructions in which it is shown how to generate a pfx file. https://www.support.certum.eu/en/what-is-csr/ – Tugalsan Karabacak Oct 06 '22 at 22:47

0 Answers0