Obtain a PFX certificate from a CRT and a private key
What's in the box?
The Windows Certutil utility can be used to generate a PFX certificate from a file in CRT format and a private key (private key). Under Windows, the PFX certificate format (PKCS#12) is used by the IIS Web server. Its special feature is that the certificate and private key are included in the same file, rather than in two separate files.
As a result, if you have a certificate in a ".CRT" file and a ".KEY" private key file, you can't import it as is into IIS. On the other hand, on a Linux environment it's royal, as you generally need both files.
Under Windows, there is a utility built into the system called " certutil "which allows handling certificates. We can use it to generate the PFX certificate without installing additional software. In many cases, you install OpenSSL on your Windows machine to perform this operation (as you would under Linux), but it's not essential!
1. Certutil: generate a PFX certificate
From the CRT file and the key file, we'll generate a PFX certificate containing both files, in this format. Let's imagine we have the following two files: certificate.crt and certificate.key. We wish to obtain the file certificate.pfx.
From a Windows Command Prompt or PowerShell console, the following command should be executed:
certutil -MergePFX certificate.crt certificate.pfxSo, yes, the name of the key is not specified in the above command, but that's normal. However, the certificate.crt and certificate.key files must be in the same folder for this to work! Note also that :
- le fichier de la clé privée doit avoir l’extension « .KEY » impérativement !
- le fichier du certificat et le fichier de la clé privée doivent avoir le même nom (sans tenir compte de l’extension qui est différente)
If you follow these instructions, the output file in PFX format will be obtained without difficulty.
For OpenSSL enthusiasts, here's the equivalent syntax for outputting a PFX certificate:
OpenSSL.exe pkcs12 -export -in certificat.cer -inkey certificat.key -out certificat.pfxYou've got a PFX format certificate in your hands: all that's left to do is set it up within your application, whether in IIS or elsewhere.
2. Conclusion
Thanks to this article from the Computer Tutorials box, you will be able to convert a CRT certificate and private key to PFX format using the Certutilor even OpenSSL.
Resources :
