cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution

Convert CRT to PFX for Azure

Hello, I've read many other posts for this similar issue but none of the solutions provided have worked out.  When created the SSL cert I received the generated-csr.txt and generated-private-key.txt files.  I also downloaded the zipped certificate file which contains the .crt, .pem, and .p7b files.

 

I saw that you can convert these files to PFX by using openssl with this command:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt

 

Whenever I try to run this it says "unable to load private key".  Can someone please tell me which of the 5 files provided go where in this command?  I've tried different combinations without any luck.  Is the "-inkey" file the generated-private-key.txt file or the .pem file?  Is "-certfile" the .crt file or the .p7b file?

 

I also saw mention that the private key file might need to be saved in a different file format.  If that is the case can someone please explain exactly what needs to happen to get that done?

1 ACCEPTED SOLUTION
Resolver III

Hey,

 

I found this in the archive here, I hope it will help.

 

1) Open generated-private-key.txt in Notepad++ and change the encoding from UTF-8=BOM to UTF-8
2) Run this command (use Cmder or something with openssl):
openssl pkcs12 -export -out mydomain.pfx -inkey generated-private-key.txt -in certificate.crt

I had sometimes problems with '-certfile' option.

 

PS: I'd be interested in having a look at the format of the generated-private-key.txt. NOT the whole file - only the line with the encoding and any other readable text around the key "blob". We are finishing a tool for this kind of situations and it sounds like this file is specific to GoDaddy. A private message would be great!

 

Dan

 

———

I've worked around (not only) SSL security for over 20 years in enterprises and startups. 

I am now running an HTTPS expiry management service KeyChest.net

View solution in original post

3 REPLIES 3
Resolver III

Hey,

 

I found this in the archive here, I hope it will help.

 

1) Open generated-private-key.txt in Notepad++ and change the encoding from UTF-8=BOM to UTF-8
2) Run this command (use Cmder or something with openssl):
openssl pkcs12 -export -out mydomain.pfx -inkey generated-private-key.txt -in certificate.crt

I had sometimes problems with '-certfile' option.

 

PS: I'd be interested in having a look at the format of the generated-private-key.txt. NOT the whole file - only the line with the encoding and any other readable text around the key "blob". We are finishing a tool for this kind of situations and it sounds like this file is specific to GoDaddy. A private message would be great!

 

Dan

 

———

I've worked around (not only) SSL security for over 20 years in enterprises and startups. 

I am now running an HTTPS expiry management service KeyChest.net

View solution in original post

Thanks Dan, this worked perfectly!

On a Windows machine, opening the generated-private-key.txt in Notepad and saving as encoding UTF-8 along with your command is all that needed to happen.

 

The generated-private-key.txt looks like this:

-----BEGIN PRIVATE KEY-----

blob

-----END PRIVATE KEY-----

 

I'm not sure what you mean by "only the line with the encoding".  If you need more than that please let me know.  Thanks!

Marvelous. I wasn't sure whether there's an encoding info inside the file but as you say - it's only the matter of changing it when saving the file.

 

I'm glad it worked!