I am having issues with converting between .P7B to .PFX using a .keystore private key file
It produces the error
unable to load private key 2388:error:0909006C:PEM
when i run the command
openssl pkcs12 -export -out cert.pfx -inkey privatekey.keystore -in cert.cer
please help
According to the Oracle Documentation, a keystore is most likely The proprietary keystore implementation provided by and nothing that openSSL can convert.
As far as I know only java implementations can do this. Here are some tools that might help:
http://portecle.sourceforge.net/
https://keystore-explorer.org/index.html
Related
I got the crt+ca bundle and private key from https://punchsalad.com/ssl-certificate-generator/, I wonder how to convert the files into PKCS12 which I can use in SpringBoot?
I found online tutorials only mention .pem format and the following instruction needs chain.pem. I wonder how to get this file.
openssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
Relevant links:
https://www.sslshopper.com/ssl-converter.html
Thank you.
Glad to help you,
I just ran into this problem.
The ssl files obtained from https://punchsalad.com/ssl-certificate-generator/ are txt files containing ca-bundle.txt and private-key.txt
To convert to pfx, just change the downloaded txt file ca-bundle.txt to certificate.crt, private-key.txt to private.key and enter the following command.
sudo openssl pkcs12 -export -out FILE.pfx -inkey private.key -in certificate.crt
-certfile command is options.
I am successful when uploading pfx in Azure Web App Service.
I am trying to use OpenSSL in the terminal. I have installed OpenSSL using brew install openssl. I want to convert a .pem file to another format that my hosting provider will accept.
I have tried several different formulations of the code and plying the certificate from different places but none seem to work and all give me various error messages including permission denied.
This is what I tried last...
openssl pkcs12 -in /Users/myname/fullchain.pem -inkey /Users/myname/privkey.pem -out /Users/myname/fullchain.pfx -cacerts
This is my output
4552226412:error:0DFFF0A8:asn1 encoding routines:CRYPTO_internal:wrong tag:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.250.1/libressl-2.6/crypto/asn1/tasn_dec.c:1125:
4552226412:error:0DFFF03A:asn1 encoding routines:CRYPTO_internal:nested asn1 error:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.250.1/libressl-2.6/crypto/asn1/tasn_dec.c:306:Type=PKCS12
What might this mean and what code should I be using?
Edit: I am getting output files but they are of course empty.
That error message is usually when the certificate format you pass to the command is not what it is expecting. The following command should solve it for you.
openssl pkcs12 -export -out /Users/myname/fullchain.pfx -inkey /Users/myname/privkey.pem -in /Users/myname/fullchain.pem
It should prompt you to enter an export password to encrypt the .pfx files content if it has succeeded.
I work with certificates and occasionally need to convert a private certificate .PFX extension for .PEM extension, but I can only consume it in a webservice if it is generated without a password, that is, unprotected.
If I try to generate it with password (being the same password as or not of .PFX certificate), I can not consume it in webservice (I get the error "403 - Forbidden").
Can you tell me why this occurs?
To generate it unprotected, I use the command below (through OpenSSL):
pkcs12 -in certificate.pfx -out certificate.pem -nodes
To generate it with password, I use this one:
pkcs12 -in certificate.pfx -out certificate.pem
I can not understand why the error occurs, since OpenSSL does not indicate a failure.
I use Windows environment, so I use an OpenSSL tool I found on the internet.
I am trying to upload my adobe air app to Google Play. I have opted in for Google Play App Signing and cannot opt out now. They provide me with .der certificate which I wish to convert to p12 in order to use it in my adobe AIR app. I know this can be done through openSSL but I did not get any perfect tutorial to do so. Can anyone point me to the right steps to make this conversion?
DER file is X.509 certificate. So it includes your certificate.
You can try below steps to convert .DER file into p12 file. These steps worked for me.
Option 1:
If you are using MAC, you can drag and drop .DER file into Keychain Access.
After it is imported to Keychain.
Export that certificate into p12 file by selecting that certificate from Keychain. Right click on certificate, You will get option to export.
If you don't get p12 option, export it into .cer and convert it into p12 using below command
openssl pkcs12 -info -in keyStore.p12
Option 2:
Use below commands to convert DER into P12. I already tried and tested them.
Get private key or generate private key if you don’t have.
You can generate private key using below command. If private key is not generate for DER format, then convert your DER file into PEM file using openssl command(openssl x509 -inform der -in certificatename.der -out certificatename.pem).
openssl rsa -in certificate.der -out privatekey.key -outform DER
Export DER into p12
openssl pkcs12 -export -out certificate.p12 -inkey privateKey.key -in certificate.der. -certfile certificate.der
For More details on ssl commands you can also look at them on below link https://knowledge.digicert.com/solution/SO26449.html
Hope that helps
I'm sure that this has been asked you several times, but solutions to that cases didn't work for me. So I need your help.
Consider x.root.cer is CA's certificate, x.app.cer is Application's certificate signed by CA's certificate, and x.app.private.pem is Application's private key.
I'm using following command in order to create pfx file (want to include both private key and certificate of application).
openssl pkcs12 -export -in x.app.cer -inkey x.app.private.pem -out x.app.pfx -certfile x.root.cer
Even though I know (can see) that 3 files are there, I'm getting the following error:
unable to load certificates
Can you please help me about this error?
Well, finally I suceeded with this command
openssl pkcs12 -export -in x.app.cer -inkey x.app.private.pem -out x.app.pfx
That means I shouldn't use -certfile parameter.