How to convert SSL certificates generated to PKCS12

I got the crt+ca bundle and private key from https://punchsalad.com/ssl-certificate-generator/, I wonder how to convert the files into PKCS12 which I can use in SpringBoot?
I found online tutorials only mention .pem format and the following instruction needs chain.pem. I wonder how to get this file.
openssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
Relevant links:
https://www.sslshopper.com/ssl-converter.html
Thank you.

Glad to help you,
I just ran into this problem.
The ssl files obtained from https://punchsalad.com/ssl-certificate-generator/ are txt files containing ca-bundle.txt and private-key.txt
To convert to pfx, just change the downloaded txt file ca-bundle.txt to certificate.crt, private-key.txt to private.key and enter the following command.
sudo openssl pkcs12 -export -out FILE.pfx -inkey private.key -in certificate.crt
The -certfile option is optional.
I was successful when uploading the pfx to Azure Web App Service.

Related

Unable to create p12 file from key and crt file

I am trying to create a p12 keystore using the following command:
openssl pkcs12 -export -out localhost.p12 -name "localhost" -inkey localhost.key -in localhost.crt
However, the generated keystore file is blank (0KB). I am unable to comprehend where I am going wrong.
I can provide the localhost.key and localhost.crt files if needed.
Thanks and regards.

OpenSSL create pfx certificate

I have created a .pem file from a .cert file using the line below in openssl.exe:
OpenSSL> x509 -inform der -in C:\Certificate\Binary_Certificate_245568.cer -out C:\Certificate\Binary_Cert.pem
It worked without any issues.
Then when I try to generate the pfx file from the .cert and .pem files using the following statement, I get an error:
OpenSSL> pkcs12 -inkey C:\Certificate\Binary_Cert.pem -in C:\Certificate\Binary_Certificate_245568.cer -export -out C:\Certificate\SGS_VS_CERT.pfx
unable to load private key
34359836736:error:08064066:object identifier routines:OBJ_create:oid exists:crypto/objects/obj_dat.c:698:
34359836736:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:
error in pkcs12
Can anyone please advise what I am doing wrong as I need to generate .pfx file. Thanks

You can follow the steps given below to create a .pfx certificate by combining the external CA-issued server (.cer), intermediate (.cer) and root (.cer) certificates into one file (.pfx) on a Red Hat Linux server using the openssl tool:
A) Run the command below to generate the CSR in Linux using the openssl tool:
[user#machine]$ openssl req -new -nodes -newkey rsa:2048 -keyout myapp.mydomain.com.key -out myapp.mydomain.com.csr -sha256
Note: -nodes means 'NOT TO USE DES ALGORITHM'. Create multiple backups of this key file, which will be used again during certificate renewal.
B) To generate the .pfx (certificate chain sequence to be SERVER-CERT --> INTERMEDIATE-CERT --> ROOT-CERT) in Linux using openssl:
SERVER-CERT myapp.mydomain.com.cer
INTERMEDIATE-CERT myintermediatecert.com.cer
ROOT-CERT myrootcert.cer
KEY FILE myapp.mydomain.com.key
STEP 1 - Combine all certificates into one PEM certificate (myapp.mydomain.pem) using the 'cat' command in Red Hat.
[user#machine]$ cat myapp.mydomain.com.cer myintermediatecert.com.cer myrootcert.cer > myapp.mydomain.com.pem   # output pem cert
STEP 2 - Convert PEM to PFX by importing the private key with a password configured.
[user#machine]$ openssl pkcs12 -export -out myapp.mydomain.com.pfx -inkey myapp.mydomain.com.key -in myapp.mydomain.com.pem
Note: you will be prompted to set the password for the output .pfx file.
STEP 3 - Verify the .pfx file using openssl by entering the password.
[user#machine]$ openssl pkcs12 -in myapp.mydomain.com.pfx -info
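
In the question's failing command, -inkey is given Binary_Cert.pem (the certificate written by the x509 step) and -in is given the original binary .cer. The following check, added here as an example and not part of either post, reports what a file actually contains before it is handed to openssl pkcs12 -export; the function names and the placeholder sample files are assumptions.

```shell
#!/bin/sh
# Added example: report what a certificate or key file really contains,
# whatever its extension (.cer, .crt, .pem, .txt) suggests.

# classify FILE -> empty | pem-key | pem-key+cert | pem-cert | pem-chain | der | unknown
classify() {
    [ -s "$1" ] || { echo empty; return 0; }
    certs=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1") || true
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        if [ "$certs" -gt 0 ]; then echo pem-key+cert; else echo pem-key; fi
    elif [ "$certs" -gt 1 ]; then echo pem-chain
    elif [ "$certs" -eq 1 ]; then echo pem-cert
    elif [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = 30 ]; then
        echo der                      # first byte 0x30 = ASN.1 SEQUENCE (binary DER)
    else echo unknown
    fi
}

# preflight KEYFILE CERTFILE: check both roles before `openssl pkcs12 -export`.
preflight() {
    rc=0
    case $(classify "$1") in
        pem-key|pem-key+cert) ;;
        *) echo "-inkey $1: no PEM private key in this file" >&2; rc=1 ;;
    esac
    case $(classify "$2") in
        pem-cert|pem-chain|pem-key+cert) ;;
        der) echo "-in $2: DER encoded, see the x509 -inform der step" >&2; rc=1 ;;
        *) echo "-in $2: no certificate found" >&2; rc=1 ;;
    esac
    return $rc
}

# make_samples DIR: constructed stand-ins (placeholder bodies, no real keys)
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$1/Binary_Cert.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/server.key"
    printf '\060\202\003\020' > "$1/Binary_Certificate.cer"   # DER header bytes
    cat "$1/Binary_Cert.pem" "$1/Binary_Cert.pem" > "$1/chain.pem"
    : > "$1/empty.p12"
}

# Demo on the constructed files: prints one "name: kind" line per file.
t=$(mktemp -d) && make_samples "$t" &&
    for f in "$t"/*; do echo "${f##*/}: $(classify "$f")"; done
```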

How to get the certificate part only and the private key part only respectively from PEM file in the command way?

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM, by, for instance:
openssl pkcs12 -in cert_and_pvt_key.pfx -out cert_and_pvt_key.pem
Then I have a PEM file with both the certificate and the private key. Now I want to get the certificate file and the private key file separately. Yes, I know cert_and_pvt_key.pem is in text format and we can copy the key part and cert part as we like, but this is not elegant. I want something sophisticated, like openssl pkcs12. Is there anything available?

You can use the -nocerts and -nokeys options to openssl pkcs12 to only output the part you need. Run openssl pkcs12 with each in turn:
openssl pkcs12 -in cert_and_pvt_key.pfx -nokeys -out cert.pem
then:
openssl pkcs12 -in cert_and_pvt_key.pfx -nocerts -out pvt_key.pem
If you haven't got access to the original PKCS#12 file, then it becomes a little more difficult. The following should work:
openssl pkcs12 -export -in cert_and_pvt_key.pem | openssl pkcs12 -nokeys -out cert.pem
and:
openssl pkcs12 -export -in cert_and_pvt_key.pem | openssl pkcs12 -nocerts -out pvt_key.pem
However, this asks for a pass-phrase when the PKCS#12 is created and again when it attempts to split the file to certificate and keys. OpenSSL provides the -nodes verb to disable this pass-phrase, but it doesn't seem to work with -export. Therefore, it would fail in a script.
Otherwise, you're left with splitting the file with awk or similar. There are plenty of examples on this site.
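
The awk route mentioned above, written out as an added example (not code from the answer): it copies only the PEM blocks, drops the "Bag Attributes" lines that openssl pkcs12 writes between them, and creates the key file with owner-only permissions. The function names and the placeholder sample input are assumptions.

```shell
#!/bin/sh
# Added example: split a combined PEM into certificate-only and key-only files.

# split_pem COMBINED CERT_OUT KEY_OUT
split_pem() {
    rm -f "$2" "$3"
    : > "$2"
    ( umask 077; : > "$3" )          # key file is created owner-only (0600)
    awk -v cert="$2" -v key="$3" '
        /^-----BEGIN CERTIFICATE-----/           { out = cert }
        /^-----BEGIN ([A-Z]+ )*PRIVATE KEY-----/  { out = key }
        out != ""                                 { print > out }
        /^-----END /                              { out = "" }
    ' "$1"
}

# write_sample FILE: constructed input shaped like the text output of
# `openssl pkcs12 -in x.pfx`; the bodies are placeholders, not real key material.
write_sample() {
    cat > "$1" <<'EOF'
Bag Attributes
    localKeyID: 01 02 03 04
subject=CN = www.example.test
-----BEGIN CERTIFICATE-----
CONSTRUCTEDLEAFCERTIFICATEBODY
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=CN = Example Test CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDCACERTIFICATEBODY
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 01 02 03 04
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
CONSTRUCTEDPRIVATEKEYBODY
-----END ENCRYPTED PRIVATE KEY-----
EOF
}

# Demo: split the constructed file and list the results with their modes.
t=$(mktemp -d) && write_sample "$t/all.pem" &&
    split_pem "$t/all.pem" "$t/cert.pem" "$t/key.pem" && ls -l "$t"
```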

How to create .pfx file from sslopenfree 3 files output?

I know there are other similar Q/A about this but they are somewhat confusing and do not help solving my question.
I got a certificate from sslforfree: zip output contains 3 files:
ca_bundle.crt
certificate.crt
private.key
As I need to provide my maintainer with a .pfx certificate, I installed OpenSSL and tried to follow some hints on this and other forums.
The command line should be:
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
OR
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt -in intermediate.crt -in rootca.crt
It's not clear to me:
what does "domain.name" refer to, for even if I typed my domain's name in creating the certificate, none of the 3 received files contains a visible reference to it.
should I use ca_bundle.crt or certificate.crt in creating the .pfx ?
Could someone please give me a plain command line example, given above received files' names?

It turned out that trying to use "ca_bundle.crt" resulted in a verbose command line error output, so I switched to "certificate.crt" and it worked just fine. Again, I have no idea what the "ca-bundle.crt" file is for, but it looked totally useless for my present needs.
Given input files the command line used was:
openssl pkcs12 -export -out xyzdomain.com.pfx -inkey private.key -in certificate.crt
and the exported .pfx was subsequently successfully installed.

The command which you have found is exactly correct. I will just rewrite the command for you as per your file names:
1) ca_bundle.crt
2) certificate.crt
3) private.key
openssl pkcs12 -export -out filename.pfx -inkey private.key -in certificate.crt -certfile ca_bundle.crt
As you have ca_bundle.crt you don't need to insert -in intermediate.crt -in rootca.crt commands in OpenSSL since it contains both intermediate and root
Else you can check out the alternate way here
In the second command, openssl pkcs12 -export -out xyzdomain.com.pfx -inkey private.key -in certificate.crt, you have not used the intermediate and root, so you will get an intermediate-missing error on any SSL checker.
If you get an error while importing ca-bundle.crt, you need to ask your vendor to provide the correct bundle certificate file.
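
A scripted version of this conversion for the three file names in the question (ca_bundle.crt, certificate.crt, private.key), added here as an example and not code from any of the posts. It passes the leaf certificate with -in and the bundle with -certfile, refuses to export when the key does not match the certificate, and reads the password from a hypothetical PFX_PASS environment variable so nothing prompts; the function names and the throwaway demo CA are assumptions.

```shell
#!/bin/sh
# Added example: leaf cert + key + CA bundle -> PKCS#12, with no prompts.
# The export password is read from the PFX_PASS environment variable.

# same_key CERT KEY: true only when CERT carries the public half of KEY.
same_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

# make_pfx CERT KEY BUNDLE OUT
make_pfx() {
    same_key "$1" "$2" || { echo "$1 does not match $2" >&2; return 1; }
    ( umask 077                      # the .pfx holds the private key
      openssl pkcs12 -export -out "$4" -name server \
          -inkey "$2" -in "$1" -certfile "$3" -passout env:PFX_PASS )
}

# pfx_cert_count PFX: how many certificates ended up in the file
pfx_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS 2>/dev/null |
        grep -c -- '-----BEGIN CERTIFICATE-----'
}

# make_demo_files DIR: throwaway CA and leaf, named like the files in the question
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo CA' \
        -keyout "$1/ca.key" -out "$1/ca_bundle.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=demo.example' \
        -keyout "$1/private.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -days 1 -CA "$1/ca_bundle.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/certificate.crt" 2>/dev/null
}

# Usage: export PFX_PASS, then
#   make_pfx certificate.crt private.key ca_bundle.crt site.pfx
```

Giving make_pfx the bundle in place of the leaf certificate fails the same_key check, because the first certificate in the bundle belongs to the CA and not to private.key.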

Cannot create pfx file from cer file with openssl

I'm sure that this has been asked several times, but the solutions to those cases didn't work for me. So I need your help.
Consider x.root.cer is CA's certificate, x.app.cer is Application's certificate signed by CA's certificate, and x.app.private.pem is Application's private key.
I'm using following command in order to create pfx file (want to include both private key and certificate of application).
openssl pkcs12 -export -in x.app.cer -inkey x.app.private.pem -out x.app.pfx -certfile x.root.cer
Even though I know (can see) that 3 files are there, I'm getting the following error:
unable to load certificates
Can you please help me about this error?

Well, finally I succeeded with this command:
openssl pkcs12 -export -in x.app.cer -inkey x.app.private.pem -out x.app.pfx
That means I shouldn't use -certfile parameter.