Home
» PKCS12
» Create pfx PKCS12 using certificate and private key file in openssl for third party CA
Tuesday, July 20, 2021
Create pfx PKCS12 using certificate and private key file in openssl for third party CA
Hello Everyone, Welcome to another article where we will share step by step process to generate pfx PKCS12 using private key and certificate along with chain certificate for third party CA also for self sign certificates. So lets begin without any further due.
Create pfx PKCS12 using certificate and private key file for third party CA
First download openssl for windows here
On Ubuntu
sudo apt update
sudo apt install build-essential checkinstall zlib1g-dev -y
On Centos first download Development tools and binaries
yum group install 'Development Tools'
yum install perl-core zlib-devel -y
Use below command to install openssl
wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz
After that extract using below command
tar -xf openssl-1.0.2o.tar.gz
cd openssl-1.0.2o
In order to create pfx using private key and certificate you need below files handy.
For self signed certificates
1. Domain/Server certificate
2. Private key file
For Third party CA certificate
1. Domain/Server certificate
2. private key
3. Intermediate certificate
4. Root Certificate
To create pfx for self sign certificate use below command in openssl.
if it is linux use anywhere if windows then go to openssl/bin in command prompt and run below command after modifying the file names.
openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in domain.cer
keep atleast 6 digit strong password
.cer or .crt both are same so use any of these even .pem also can be used as extension.
For Third party CA certificate.
First create chain bundle file by merging Intermediate and root certificate
On linux run command
cat intermediate.cer root.cer > chain.crt
it will export chain.crt
On Windows merge it by copy root certificate content under intermediate certificate in below order and save it as chain-bundle.cer
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEYDCCA0igAwIBAgILBAAAAAABL07hRQwwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
After chain bundle file is created use below command after modifying file names to create pfx, same command can be used on windows and linux.
openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in domain.cer -certfile chain.cer
And keep any strong password atleast of 6 digit and it will export pfx file.
Also read:- How to create a JKS file
Stay tuned for more blogs :)
Subscribe to:
Post Comments
(
Atom
)
No comments :
Post a Comment