Cannot export certificate to .pfx file

Previous Entry How to import a certificate into the Trusted Root and Personal file certificate store. Would love your thoughts, please comment. Kindly subscribe to TechDirectArchive. Telegram Channel. This is default text for notification bar.

Learn more. Loading Comments Improve this question. Openssl is entirely unnecessary in nearly all cases. Just added my answer which I create a blog entry to provide. Add a comment. Active Oldest Votes. You will need to use openssl. If you have a root CA and intermediate certs, then include them as well using multiple -in params openssl pkcs12 -export -out domain. Improve this answer. Marius Thanks, I'll also add if you have a root CA or intermiediate cert you can append it by supplying multiple -in parameter: openssl pkcs12 -export -out domain.

Did the job for me. As a minor note, running this on a Windows machine requires you to run openssl in an Administrator command prompt. Where do you get the key file from? I got an SSL cert issued, but I don't see a keyfile anywhere.

In order to get this to work on openssl 1. I believe this is possibly because the. Show 18 more comments. When I do this, it tells me I do not have the private key imported on my computer. Which is true. NielsBrinch When I do this, it also tells me I do not have the private key imported on my computer. Expect that it's false, it's in the same folder as the certificate This solved that error message.

I can recommend DigiCert based on several years of experience with them. Don't forget to include the private key in the root directory of the DigiCertUtil. Easiest is to just copy it to the certificate folder. Show 1 more comment. Seymour Seymour 6, 12 12 gold badges 42 42 silver badges 48 48 bronze badges. The question opened with: "I need. Can you please put relevant content of your post in your answer please?

That way, the answer is still relevant even if your blog disappears. You can still link to your blog. As it is, there is 0 useful information in the content of the answer. I find this aspect of IIS really annoying since all the "complete request" is doing is combining the private key with the public certificate to produce a pfx, why it couldn't just accept them as separate PEM formatted files who knows. While I appreciate that your solution is most likely "the right way to do" things, I think it's more effort than meddling around with openssl - one tool, one commandline call, one password, done.

Also I don't know if all ssl companies support this approach. I'm afraid your answer doesn't help if the certificate was generated elsewhere. Okay, IIS expects to generate and hang on to the private key itself - sometimes that's just not an option.

Show 4 more comments. I created. Like this openssl pkcs12 -inkey rootCA. Siim Nelis Siim Nelis 6 6 silver badges 9 9 bronze badges. This is basically the same command I used, but I needed to add winpty before openssl eg, winpty openssl pkcs If you can export private key from mmc console, Export-PfxCertificate will export it also.

I know this is an older question, but I wanted to post my solution as I was having this same problem. I too was getting the dreaded Export-PfxCertificate : Cannot export non-exportable private key error while trying to export my PFX file. The problem started after loading my code-signing certificate on my Windows machine.

When I went to export it, the export to PFX option was grayed out without further explanation. I then followed many of the instructions listed here, including Powershell Export-PfxCertificate. None of these worked. GoDaddy graciously, and without cost, allowed me to submit a new CSR with that option checked, to 'Rekey' my existing certificate. Within a couple of hours, my new certificate was issued.

I've included this screenshot of the box that must be checked when creating your CSR may look different on different platforms. Relevant code from that post has been pasted below. Use Import-PfxCertificate with parameter -Exportable.

Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Collectives on Stack Overflow.

Learn more. Openssl can seem pretty cryptic at first, but I have it on every machine I own and use. It is great for checking out exactly what cert is in use. Please, someone do for Certs what Square has done for credit card processing. This is a fundamental tension, usability vs security. If anyone tells you that they have made security and crypto easy, I would be willing to bet that they broke something along the way in other words their solution is likely not secure.

To continue this discussion, please ask a new question. Which of the following retains the information it's storing when the system power is turned off? Submit ». Get answers from your peers along with millions of IT pros who visit Spiceworks. Other than that the 4 files from Network Solutions are: domainname. Best Answer. Meganerd Aug 7, at UTC. Give the private key a password. Give the filename and path of the exported file s.

View this "Best Answer" in the replies below ». Meganerd Aug 6, at UTC. The private key would have been generated at the same time as the CSR.

Thai Pepper.