Главная > Без рубрики > Combine CRT and KEY Files into a PFX with OpenSSL

Combine CRT and KEY Files into a PFX with OpenSSL

12 октября 2015

Say for example you have a .crt and a .key file which had the private key in it. What if you have to combine the .crt and .key file into a password protected .pfx file so that you can import the certificate and private key onto the servers? That’s what I had to do. I’ve tried to make this entry as no-nonsense as possible, so I put together sample screenshots of what the process looks like.

Example files when starting:

vdi.elgwhoppo.com.crt

vdi.elgwhoppo.com.key

First we need to extract the root CA certificate from the existing .crt file, because we need this later. So open up the .crt and click on the Certification Path tab.

clip_image002

Click the topmost certificate (In this case VeriSign) and hit View Certificate. Select the Details tab and hit Copy to File…

clip_image004

Select Base-64 encoded X.509 (.CER) certificate

clip_image006

Save it as rootca.cer or something similar. Place it in the same folder as the other files.

clip_image008

Rename it from rootca.cer to rootca.crt

Now we should have 3 files in our folder from which we can create a PFX file.

clip_image010

Here is where we need OpenSSL. We can either download and install it on Windows, or simply open terminal on OSX.

Open terminal on OSX and CD to the directory the files are in. For Windows users, copy and paste the above three files into the default OpenSSL install location on Windows: C:\OpenSSL-Win32\bin. Then open a command prompt and change directories to C:\OpenSSL-Win32\bin. From this point the commands are the same.

We can see the three files.

clip_image012

The command syntax for my example is:

openssl pkcs12 -export -out vdi.elgwhoppo.com.pfx -inkey vdi.elgwhoppo.com.key -in vdi.elgwhoppo.com.crt -certfile rootca.crt

clip_image014

If everything was entered correctly, you should be prompted to create a password for the PFX file. Enter a password and confirm it. When finished you should have a working PFX file to import on your Windows boxes either via the MMC or IIS. You will need the password when importing the pfx.

clip_image016

Комментирование отключено.