Before jumping into the procedure to convert a CER certificate to PFX without the private key. Let’s understand the difference between the certificate formats.
You can always referX.509 certificate Request for Comments(RFC) andX.509articles to know about thedigital certificatesin depth. X.509 certificates come majorly in two formats:Base64 (ASCII)andBinary. Again there are two formats underneath Base64. They arePEMandPKCS#7. As like Base64, Binary has two formats too:DERandPKCS#12. Of all these certificate formats few of them come bundled with a private key and few are not. To tell in short, .cer, .crt, and .p7b formats necessarily don’t have the private key with them. Whereas .pfx is always bundled with a private key.
Most of the Certificate Authorities will not issue certificates with the private key. They just issue and share the certificates in .cer, .crt, and .p7b formats which don’t have the private key in most of the cases. But, your application needs the certificate in .pfx format. Now, you have a .cer certificate in your hand, but you need a .pfx certificate to deploy. And, you can’t convert the .cer certificate to .pfx without the private key. This problem has created confusion in most people and may create delays in the certificate deployment/renewal process.
We thought it is an excellent idea to address this common problem. So we are here to explain the complete step by step process to convert a CER Certificate to PFX Without the private key.
How to Convert a CER Certificate to PFX Without the Private Key?
The procedure is quite simple. You can convert a CER certificate to PFX without the private key in three simple steps. But, this process will require the machine on which you have created the CSR (Certificate Signing Request) Because the private key had been created during the CRS creation process. We are just using the previously create private key to convert the CER certificate to PFX. Bear in mind, this process will work only on Windows platform.
Time needed: 5 minutes.
How to Convert a CER Certificate to PFX Without the Private Key?
Right-clickon the certificate file.
Selectinstall certificate.
2. Select Local Computer radio button
3. Select the default automatic store to import the certificate
4. Import the certificate
Click Finish button to complete the import process.
5. Import process complete.
Wait for a while until you see a successful message.
6. Open MMC in Windows server
HitWin + Rto open the Run utility
Typemmcin the box.
PressOk.
7. Add Certificate Snap-in
Go to File > Add/Remove Snap-in..
8. Select Certificates and press Add
9. Select the User or Computer Certificate snap-in
Select the snap-in which you want to create the certificate. For demonstration we are choosingCompute account.
ClickNext.
10. Select Local Computer
Selectlocal computeras you are going to create CSR on the same computer.
Recommended by LinkedIn
ClickFinish.
11. Select Certificate (Local Computer) and click Ok
12. Load MMC
You will see the certificate in the personal store.
13. Export the Certificate
Right Click on the Certificate
Select All Tasks -> Export
14. Certificate Export Wizard
Click Next in the Certificate Export Wizard
15. Export the Private Key
Select the radio button ‘yes, export the private key’
Click Next
16. Export pfx certificate
Select PFX radio button.
Three options are available to select during the export. Select the one which you need.
Click Next
17. Select Security options to export the pfx certificate.
(Optional) Select the Group or user name of your choice if you want to set the permissions to manage the certificate.
Select a password and enter the password to encrypt the certificate.
Note: It is mandated to select the password. It is recommended to secure the private key.
18. Provide the location to save the pfx Certificate.
Browse the location where you want to save the pfx certificate
Click Next
19. Finish to export the pfx certificate
This complete the procedure to convert a CER certificate to PFX without the private key.
Thanks for reading this article. Please read more such interesting articles and keep support us.
This post is originally published atthesecmaster.com.
We thank everybody who has been supporting our work and request you check outthesecmaster.comfor more such articles.