Tip #1348: Convert CER to a PFX like a boss

I have nothing but respect for Nick Doelman but his affinity with a mouse device is starting to wear me off. Yes, I’m talking about his recent post on conversion of a CER file into a PFX file. Screen after screen after screen. Phleee-a-a-se… Just looking at those give me a mental carpal injury. Plus you end up with a certificate in your local store wasting precious bytes. It should not be that difficult.

tl;dr

Future me, pay attention, this is all you need to know:

openssl pkcs12 -export -out cert.pfx -inkey priv.key -in cert.crt -certfile bundle.crt

What is this sorcery?

I assume if you’re dealing with certificates, you’re not adverse to a bit of developer’s jiggery-pokery a.k.a command line. I also assume you are here because you don’t trust an online converter and you did not find these or these instructions easy to understand. Let me compare creating the pfx certificate to one of the greatest culinary achievements ever: strawberry 2-ingredients sorbet.

Ingredients

CertificateSorbet
2-3 text files:
  • cert.crt (or .cer) – contains the actual certificate
  • priv.key – contains the key (this one you should really keep a secret)
  • bundle.crt – CA and intermediate certificates bundle optionally provided by your certificate issuer
1 lb / 455g strawberry
1 openssl.exe (any good cook should already have one but we also provide instructions how to make one from scratch) ¼ cup / 85g honey

Preparation

CertificateSorbet
If you have Linux or Mac, you’re all set. If you have Git for Windows, OpenSSL is already in C:\Program Files\Git\usr\bin\openssl.exe.Hull the strawberries by using a straw to push out the stem of each strawberry.
If you have Chocolatey then this should do the trick of installing openssl:
choco install openssl
Cut strawberries in half and place on a parchmen paper-lined baking sheet and freeze until hardened.
Otherwise head off to openssl wiki and pick your favorite.Add the frozen strawberries and honey to a food processor and combine until evenly mixed.
Magic command line:
openssl pkcs12 -export -out cert.pfx -inkey priv.key -in cert.crt -certfile bundle.crt
Transfer to a loaf pan and transfer to freezer until completely frozen.
Enjoy!Enjoy!

Cover photo by Pressmaster

2 thoughts on “Tip #1348: Convert CER to a PFX like a boss

  1. Peter says:

    This is helpful thankyou. However, I am dealing with two issues:

    1. GoDaddy gives me a private key as a .txt file; and
    2. When I generate the .pfx file using this method, and then upload to Powerapps portals, it tells me that my encryption is not compatible.

    Any thoughts would be much appreciated

    Peter

Leave a Reply

Your email address will not be published. Required fields are marked *