7

This has me confused:

Convert pfx to PEM:
openssl pkcs12 -in certificatename.pfx -out certificatename.pem

Do this dumps out a single plain text file.

Now how do I convert this plain text pem back to pfx?

The only commands I see to convert to pfx require the cer and private keys in separate files:

Convert CER and Private Key to PFX:    
openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile  cacert.cer
red888
  • 27,709
  • 55
  • 204
  • 392
  • 1
    Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) or [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. – jww Sep 19 '16 at 18:37
  • 1
    ASN1./DER and PEM are encoding or presentation formats. That is specified with `-inform`, `-outform`, `-certform`, etc. Probably duplicates: [How to create .pfx file from certificate and private key?](http://stackoverflow.com/q/6307886) and [Convert a CERT/PEM certificate to a PFX certificate](http://stackoverflow.com/q/808669) – jww Sep 19 '16 at 18:40
  • @jww+ although OpenSSL in general uses -inform, -outform, etc like that, `pkcs12` is an exception. The P12 file itself is always DER never PEM, and the key&certs imported from P12 or exported to P12 are only supported as PEM. – dave_thompson_085 Oct 21 '17 at 02:05

2 Answers2

11

Although I concur this is not really programming and arguably offtopic, numerous similar Qs about commandline tools (openssl, keytool, certutil etc) for (crypto) keys and certs are apparently accepted by the community (upvoted) -- but none I've seen directly addresses this point.

The different options on openssl pkcs12 -export allow you to provide the pieces in different files, but that is not required. If you do have the privatekey and chain of certs in one PEM file, as output by default by pkcs12 [not -export], you can let everything be read from that one file:

 openssl pkcs12 -export -in file -out p12
 # or ONLY IF the privatekey is first in the file
 openssl pkcs12 -export <file -out p12

and you can even combine the pieces 'on the fly' as long as you put privatekey first:

 cat privkey.pem mycert.pem chain.pem | openssl pkcs12 -export -out p12
dave_thompson_085
  • 34,712
  • 6
  • 50
  • 70
4

You can use the command below to convert PEM (.pem, .crt, .cer) to PFX:

openssl pkcs12 -export -out **<your_new_file_name>**.pfx -inkey **<private_key_of_your_existing_certificate>**.key -in **<your_existing_certificate_file>**.crt

This will be very generic for all above mentioned files.

Aimery
  • 1,559
  • 1
  • 19
  • 24
Vishal Charpe
  • 73
  • 2
  • 4
    But he is asking how to convert single PEM file (not separate files for certificate and private key) containing both certificate & private key into PFX. – kamilz Jan 20 '21 at 15:56