20

Is there a way to convert from a .key file to a .pfx file? Thank you.

EDIT: I only have the .key file but my hosting provider says that I could convert it to .pfx with just that file.

Santiago Corredoira

4 Answers

23

To check if your .key file has everything you need:

```
# check if file contains a valid certificate:
openssl x509 -text -in file.key
```

It should print out certificate details. If it prints an error including the text "unable to load certificate", then your file is not sufficient.

```
# check if file contains a valid key:
openssl rsa -text -in file.key
openssl dsa -text -in file.key
```

One of the above commands should print out valid key details. The other will give an error with the text "expecting an rsa key" or "expecting a dsa key".

If the error text says "bad decrypt", you have provided an invalid passphrase, or the file is damaged.

If the error text says "Expecting: ANY PRIVATE KEY", then your file is not sufficient.

If you got a key, and one certificate which matches the key (and optionally some other certificates), then you have enough to convert the file to a pfx. Then, as ISW said, it's just a matter of

```
# convert file containing key and certificate(s) to PKCS#12 pfx file.
openssl pkcs12 -export -out file.pfx -in file.key
```

and you're done.

Stobor
  • 4
    @jlp - No, OpenSSL is not a part of Windows, it is a standalone software package (http://www.openssl.org/), available also for Windows (http://www.openssl.org/related/binaries.html) – Mormegil Sep 06 '11 at 15:32
  • 2
    If the first command fails, you can do this: open your .key and .spc in notepad, copy the whole content of both files and create a new one called `newfile.key`. Then run again the `openssl x509 -text -in newfile.key` command and it should work. Then you can convert the `newfile.key` to .pfx using `openssl pkcs12 -export -out newfile.pfx -in newfile.key` – dacap Nov 13 '13 at 01:32
  • 1
    @dacap: Thanks - yes, if you have the key and certificate in separate files you can combine them as you describe. You can also use the method @fig suggested below, [using `-inkey` for the key file, and `-in` for the certificate (.spc) file](http://stackoverflow.com/a/553165/43452)... – Stobor Nov 20 '13 at 03:53
  • ... Why Microsoft doesn't provide the function to convert .key to .pvk in pvk2pfx or signtool? – zwcloud Nov 28 '19 at 06:33
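
Added example (not part of any answer on this page): the checks from the answer above as a script, extended to confirm that the certificate actually matches the key by comparing public keys before exporting. The function names and the `KEY_PASS` / `PFX_PASS` environment variables are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: decide whether a PEM ".key" file can be exported to .pfx.
# KEY_PASS / PFX_PASS are assumed environment variables (kept off the
# command line so passphrases do not show up in the process list).

# Prints: ready | mismatch | key-only | cert-only | unusable
classify_pem() (
    export KEY_PASS="${KEY_PASS:-}"
    # Public key of the first certificate in the file, if any.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || cert_pub=
    # Public key derived from the private key in the file, if any.
    # A wrong KEY_PASS ("bad decrypt") also leaves this empty.
    key_pub=$(openssl pkey -in "$1" -pubout -passin env:KEY_PASS 2>/dev/null) || key_pub=
    if [ -n "$cert_pub" ] && [ -n "$key_pub" ]; then
        # Same public key on both sides means the certificate belongs to the key.
        if [ "$cert_pub" = "$key_pub" ]; then echo ready; else echo mismatch; fi
    elif [ -n "$key_pub" ]; then echo key-only
    elif [ -n "$cert_pub" ]; then echo cert-only
    else echo unusable
    fi
)

# Export $1 to the PKCS#12 file $2, but only when key and certificate match.
pem_to_pfx() (
    export KEY_PASS="${KEY_PASS:-}" PFX_PASS="${PFX_PASS:-}"
    state=$(classify_pem "$1")
    if [ "$state" != ready ]; then
        echo "not converting $1: $state" >&2
        exit 1
    fi
    umask 077   # the .pfx holds the private key; keep it owner-readable only
    openssl pkcs12 -export -in "$1" -out "$2" \
        -passin env:KEY_PASS -passout env:PFX_PASS
)

# Usage: sh check_pem.sh file.key [out.pfx]
if [ "$#" -ge 2 ]; then pem_to_pfx "$1" "$2"
elif [ "$#" -eq 1 ]; then classify_pem "$1"
fi
```

A result of `key-only` corresponds to the situation in the question: the file holds no certificate, so the certificate has to be obtained separately before a .pfx can be built.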
17

You could try this
https://www.sslshopper.com/ssl-converter.html

```
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
```
  • Hi Dave, the thing is that I only have a .key file, no .crt file. Is it possible that the .key contains the certificate? – Santiago Corredoira Feb 16 '09 at 13:13
  • My hosting provider insists that this is the format they use and that in it is contained the certificate. – Santiago Corredoira Feb 16 '09 at 13:14
  • 1
    Years later... after scouring SO and going through at least a dozen similar questions and countless answers, this answer is EXACTLY what I needed to create a PFX (PKCS12) from a certificate, private key in a .KEY file, and a series of root/intermediate trust authorities. THANKS! – Omri Gazitt Sep 18 '12 at 22:02
  • 2
    argh, sharing certificate's private key is not the best way to do it secure – Alex Sorokoletov Nov 01 '12 at 00:21
  • user65663, you are the best. – Ken Jun 29 '19 at 13:02
  • .pfx by nature requires public & private key. So you need to provide the public key to form the .pfx. For me, I use `openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.cer` and it works. After that just import the private key from .pfx into .jks. – user3437460 Aug 05 '20 at 10:18
1

According to the OpenSSL Command-Line HOWTO it should work using

```
# export mycert.key as PKCS#12 file mycert.pfx
openssl pkcs12 -export -out mycert.pfx -in mycert.key -name "My Certificate"
```
ISW
0

You can convert your .key file to .pvk using the tool http://www.chilkatsoft.com/p/p_347.asp and then use the instructions on GoDaddy to combine both .spc and .pvk into a .pfx. Just make sure you use a password when generating the .pvk file.