of the
I have nothing but respect for Nick Doelman but his affinity with a mouse device is starting to wear me off. Yes, I’m talking about his recent post on conversion of a CER file into a PFX file. Screen after screen after screen. Phleee-a-a-se… Just looking at those give me a mental carpal injury. Plus you end up with a certificate in your local store wasting precious bytes. It should not be that difficult.
tl;dr
Future me, pay attention, this is all you need to know:
openssl pkcs12 -export -out cert.pfx -inkey priv.key -in cert.crt -certfile bundle.crt
What is this sorcery?
I assume if you’re dealing with certificates, you’re not adverse to a bit of developer’s jiggery-pokery a.k.a command line. I also assume you are here because you don’t trust an online converter and you did not find these or these instructions easy to understand. Let me compare creating the pfx certificate to one of the greatest culinary achievements ever: strawberry 2-ingredients sorbet.
Ingredients
| Certificate | Sorbet |
|---|---|
2-3 text files:
| 1 lb / 455g strawberry |
| 1 openssl.exe (any good cook should already have one but we also provide instructions how to make one from scratch) | ¼ cup / 85g honey |
Preparation
| Certificate | Sorbet |
|---|---|
| If you have Linux or Mac, you’re all set. If you have Git for Windows, OpenSSL is already in C:\Program Files\Git\usr\bin\openssl.exe. | Hull the strawberries by using a straw to push out the stem of each strawberry. |
If you have Chocolatey then this should do the trick of installing openssl:choco install openssl | Cut strawberries in half and place on a parchmen paper-lined baking sheet and freeze until hardened. |
| Otherwise head off to openssl wiki and pick your favorite. | Add the frozen strawberries and honey to a food processor and combine until evenly mixed. |
Magic command line:openssl pkcs12 -export -out cert.pfx -inkey priv.key -in cert.crt -certfile bundle.crt | Transfer to a loaf pan and transfer to freezer until completely frozen. |
| Enjoy! | Enjoy! |
Cover photo by Pressmaster
This is helpful thankyou. However, I am dealing with two issues:
1. GoDaddy gives me a private key as a .txt file; and
2. When I generate the .pfx file using this method, and then upload to Powerapps portals, it tells me that my encryption is not compatible.
Any thoughts would be much appreciated
Peter
Extension of the file doesn’t matter. As long as you have BEGIN/END PRIVATE KEY lines you should be good.
How do you generate pfx file? That’d be the critical part. Usually you can control the encryption and yes it does matter, see the full requirements here: https://learn.microsoft.com/power-apps/maker/portals/admin/manage-ssl-certificates
From experience there are two situations when you might receive this error: default encryption on your system is not set to tripple DES, or somehow the private key does not make it into pfx file.