Wednesday, November 27, 2013

Misc : Certificate conversions

On Windows, you have the good, old PFX file which contains both the certificate and private key (and the password for the private key).

But in the Linux world, when you complete the certificate request, you get the information in separate files i.e.

  • cert.crt       (the certificate)
  • cert.key     (the private key)
  • ca.crt         (the CA information)

To convert them into something Windows can use, you need OpenSSL.

You can get a Windows version here: Win32 OpenSSL Installation Project

(Please make a donation if appropriate).

The command you need is:

openssl pkcs12 -export -out cert.pfx -inkey cert.key -in cert.crt -certfile ca.crt

You may get an error:

"unable to write 'random state'"

in which case, set an environment variable:

set RANDFILE=C:\"Directory files are in"\.rnd

Out of interest, if you want to go the other way:

openssl pkcs12 -in cert.pfx -out cert.cer -nodes


