21

is there a way to convert from a .key file to a .pfx file? thank you.

EDIT: I only have the .key file but my hosting provider says that I could convert it to .pfx with just that file.

Improve this question

4 Answers 4

Reset to default
23

To check if your .key file has everything you need:

#check if file contains a valid certificate: openssl x509 -text -in file.key

It should print out certificate details. If it prints an error including the text "unable to load certificate", then your file is not sufficient.

#check if file contains a valid key: openssl rsa -text -in file.key openssl dsa -text -in file.key

One of the above commands should print out valid key details. The other will give an error with the text "expecting an rsa key" or "expecting a dsa key".

If the error text says "bad decrypt", you have provided an invalid passphrase, or the file is damaged.

If the error text says "Expecting: ANY PRIVATE KEY", then your file is not sufficient.

If you got a key, and one certificate which matches the key (and optionally some other certificates), then you have enough to convert the file to a pfx. Then, as ISW said, it's just a matter of 

#convert file containing key and certificate(s) to PKCS#12 pfx file. openssl pkcs12 -export -out file.pfx -in file.key

and you're done.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

@jlp - No, OpenSSL is not a part of Windows, it is a standalone software package (openssl.org), available also for Windows (openssl.org/related/binaries.html)
If the first command fails, you can do this: open your .key and .spc in notepad, copy the whole content of both files and create a new one called newfile.key. Then run again the openssl x509 -text -in newfile.key command and it should work. Then you can convert the newfile.key to .pfx using openssl pkcs12 -export -out newfile.pfx -in newfile.key
@dacap: Thanks - yes, if you have the key and certificate in separate files you can combine them as you describe. You can also use the method @fig suggested below, using -inkey for the key file, and -in for the certificate (.spc) file...
... Why Microsoft doesn't provide the function to convert .key to .pvk in pvk2pfx or signtool?
19

You could try this
https://www.sslshopper.com/ssl-converter.html

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
Improve this answer

6 Comments

Hi Dave, the thing is that I only have a .key file, no .crt file. Is it possible that the .key contains the certificate?
Years later... after scouring SO and going through at least a dozen similar questions and countless answers, this answer is EXACTLY what I needed to create a PFX (PKCS12) from a certificate, private key in a .KEY file, and a series of root/intermediate trust authorities. THANKS!
argh, sharing certificate's private key is not the best way to do it secure
user65663, you are the best.
.pfx by nature requires public & private key. So you need to provide the public key to form the .pfx. For me, I use openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.cer and it works. After that just import the private key from .pfx into .jks.
|
1

According to the OpenSSL Command-Line HOWTO it should work using

# export mycert.key as PKCS#12 file mycert.pfx openssl pkcs12 -export -out mycert.pfx -in mycert.key -name "My Certificate"
Improve this answer

Comments

0

You can convert your .key file to .pvk using the tool http://www.chilkatsoft.com/p/p_347.asp and then use the instructions on GoDaddy to combine both .scp and .pvk into a .pfk. Just make sure you use a password when generating the .pvk file.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.