19

I have used openssl to create a .key and a .cer file in PEM format (you can read them). Now I want to create a .pfx file from them. I have read the openssl documentation, and it says I can use something like the following command:

openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

but I don't know which one is my .cer file (certificate.cer or CACert.cer). What is the difference between these two files?

user217648

1 Answer

22

The certificate.cer is your public key and the CACert.cer file (as its name suggests) is the public key of a CA (maybe the one who has signed your certificate).

The -in switch specifies the input certificate to embed in the output file

The -inkey switch specifies the key file you've generated using OpenSSL

The -out switch tells openssl your desired name for the output file

The -certfile is used to specify additional certificates to add to the output pfx file (it could be ignored)

zaerymoghaddam
  • What if I have no CACert.cer or I have used a self-signed certificate? Does the command generate the right .pfx file? – user217648 Oct 05 '13 at 16:40
  • 3
    Yes. It's not necessary to have the issuer certificate in your pfx file. If you install such a pfx (without the CA cer) in your Windows, you have to install its CA certificate independently to make it possible for Windows to detect the certificate chain and validate the certificate – zaerymoghaddam Oct 05 '13 at 17:15
  • What if we don't have the private key? – Chaitanya Gudala Mar 15 '16 at 14:57
  • The pfx format is typically used as a container for a public-private key pair. If you don't have a private key, then maybe a simple cer file, containing a public key, would be enough for your use case – zaerymoghaddam Mar 15 '16 at 15:02
  • When executing the command: openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer Return: Unable to load certificates. But I am referencing the certificate in the executed command, inside the folder that is my .cer – Vinícius Matos Apr 24 '18 at 14:45
  • Are you sure about the spelling of the file names and also their permissions? – zaerymoghaddam Apr 25 '18 at 09:01
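
An added example (not part of the original thread or the answerer's own code) that wraps the export command discussed above with two pre-checks, that the -in file parses as a PEM certificate and that the private key belongs to it, and then counts the certificates in the resulting .pfx. It covers both the self-signed case from the comments (no -certfile) and the case with an extra CA certificate; the function names, file names, subject and password are assumptions made for the example.

```shell
#!/bin/sh
# Added example. File names, subject and password are constructed sample values.
# "pass:" exposes the password in the process list; the env: or file: forms
# avoid that outside of a demo.

# True when the private key and the certificate carry the same public key.
key_matches_cert() {  # usage: key_matches_cert cert.pem key.pem
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build a .pfx; the fifth argument (extra CA certificate) is optional.
make_pfx() {  # usage: make_pfx cert.pem key.pem out.pfx password [ca.pem]
  openssl x509 -in "$1" -noout 2>/dev/null ||
    { echo "cannot read $1 as a PEM certificate" >&2; return 1; }
  key_matches_cert "$1" "$2" ||
    { echo "private key does not match certificate" >&2; return 1; }
  if [ -n "${5:-}" ]; then
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
      -passout "pass:$4" -certfile "$5"
  else
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "pass:$4"
  fi
}

# Print how many certificates the .pfx contains.
pfx_cert_count() {  # usage: pfx_cert_count file.pfx password
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Generate a throwaway self-signed certificate and key (sample data).
new_self_signed() {  # usage: new_self_signed name dir
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$2/$1.key" -out "$2/$1.cer" 2>/dev/null
}

# Demo: self-signed certificate, no -certfile.
demo_dir=$(mktemp -d)
new_self_signed example.test "$demo_dir"
make_pfx "$demo_dir/example.test.cer" "$demo_dir/example.test.key" \
  "$demo_dir/certificate.pfx" "sample-password"
pfx_cert_count "$demo_dir/certificate.pfx" "sample-password"
rm -rf "$demo_dir"
```
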