Reputation: 15389
I have been given a private key that turned out to be in PKCS#8 format, which I managed to turn into a PEM file using the following command:
openssl pkcs8 -inform der -nocrypt -in private.key -out pkey.pem
I now need to convert this to PKCS#12 so I can use it in .NET to create an X509 certificate (I'd also like to import it into the Windows cert manager).
I tried this command:
openssl pkcs12 -export -name myalias -in mycert.crt -inkey pkey.pem -out keystore.p12
However, I don't have the public key. I've tried using the pkey.pem file as the -in arg, but it tells me "No certificate matches private key". If I try without the -in arg then nothing happens (and I mean nothing: there is a blank row until I press Ctrl-C).
How can I generate the public key from the private key, or convert to PKCS#12 without the public key?
The first part of this question was from the answer here.
I found an answer that gave me some hope, which says to run this command (-nocerts):
openssl pkcs12 -export -nocerts -inkey your.private.key.pem -out your.private.key.p12
But when I try to import the file into the Windows key store, it says "The specified file is empty" while importing.
I've also managed to generate a certificate signing request from instructions here, which generated a certificate file, but the command still didn't accept that, saying "No certificate matches private key".
Another answer suggests generating the public key, which I did, but when I use that as the -in arg it still says "No certificate matches private key", which I don't understand, as this public key was generated from the private key using this command: openssl rsa -in privkey.pem -pubout > key.pub
EDIT: I've posted an answer below, but as mentioned, I have no way of verifying this information or telling whether it works. If anyone has any further information, please let me know.
Upvotes: 5
Views: 14280
Reputation: 15389
It would seem:
The following commands turn this into a format usable in windows:
Convert the private key from PKCS#8/DER to PEM file format:
openssl pkcs8 -nocrypt -in dealerPrivate.key -inform der -outform pem -out private.pem
Convert the certificate from X.509/DER to PEM file format:
openssl x509 -inform der -in dealerCertificate.x509 -out public.pem
Merge the two files into a PKCS#12 file (you will be prompted for a password to protect the .p12 with):
openssl pkcs12 -export -inkey private.pem -in public.pem -out mycert.p12
This gives me a PKCS#12 certificate (I think) that I've added to the Windows key store and can then access from .NET and attach to my WCF request.
Unfortunately I can't verify that this works, as the service responds with the same data as my request, which is completely confusing:
Request:
POST http://[HOST].com/services/fsa/1.0 HTTP/1.1
Content-Type: text/xml; charset=utf-8
VsDebuggerCausalityData: uIDPo0ii5Jr5wONMi6i/jkMQdFkAAAAArRV2zOsUrEioQMkqYDWulG6ktjqzCoRLtP+/9VQSARUACQAA
SOAPAction: ""
Host: [HOST]
Content-Length: 299
Expect: 100-continue
Connection: Keep-Alive
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><list xmlns="http://[HOST].com/services/fsa/1.0"><String_1 xmlns="">[MY_STRING]</String_1></list></s:Body></s:Envelope>
Response:
HTTP/1.1 200 OK
Date: Thu, 31 Oct 2013 12:19:38 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/1.0.0a mod_jk/1.2.31
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
VsDebuggerCausalityData: uIDPo0ii5Jr5wONMi6i/jkMQdFkAAAAArRV2zOsUrEioQMkqYDWulG6ktjqzCoRLtP+/9VQSARUACQAA
SOAPAction: ""
host: [HOST]
Expect: 100-continue
connection: Keep-Alive, Keep-Alive
Content-Length: 299
Keep-Alive: timeout=2, max=100
Content-Type: text/xml;charset=utf-8
<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'><s:Body xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'><list xmlns='http://[HOST].com/services/fsa/1.0'><String_1 xmlns=''>[MY_STRING]</String_1></list></s:Body></s:Envelope>
Upvotes: 4
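The thread above boils down to one distinction: `openssl pkcs12 -export -in` wants an X.509 certificate, and a bare public key (what `openssl rsa -pubout` writes) is not one, so it can never "match" the private key. The script below is an added example, not the poster's or answerer's commands; it assumes only that the `openssl` CLI (1.1.1 or 3.x) is on PATH. It constructs a throwaway PKCS#8/DER key of the same shape as the question's input, walks the DER-to-PEM step, shows a check that tells a public key apart from a certificate and that the certificate's public key really belongs to the private key, issues a self-signed certificate when no CA-issued one is available, builds the PKCS#12 both with a certificate and with `-nocerts`, and counts the certificates inside each result. File names (`private.key`, `pkey.pem`, `key.pub`, `cert.pem`, `keystore.p12`, `keyonly.p12`) and the password `demo` are choices made for this example.

```shell
#!/bin/sh
# Added example, not code from the original Q&A. Assumes `openssl` on PATH.
# All key material is generated here and thrown away; nothing is real.
set -eu

WORK="${WORK:-$(mktemp -d)}"
trap 'rm -rf "$WORK"' EXIT

# 0. Constructed input in the shape the question describes: an unencrypted
#    PKCS#8 private key, DER-encoded (the poster's "private.key").
make_pkcs8_der() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/orig.pem" 2>/dev/null
    openssl pkcs8 -topk8 -nocrypt -inform pem -in "$WORK/orig.pem" \
        -outform der -out "$WORK/private.key"
}

# 1. PKCS#8 DER -> PEM (the step the poster already had working).
pkcs8_der_to_pem() {
    openssl pkcs8 -nocrypt -inform der -in "$1" -outform pem -out "$2"
}

# Is this file an X.509 certificate? A SubjectPublicKeyInfo file such as
# key.pub is not, which is why `pkcs12 -export -in key.pub` fails.
is_certificate() {
    openssl x509 -noout -in "$1" >/dev/null 2>&1
}

# Does the certificate carry the public key that belongs to this private key?
# Compares the two SubjectPublicKeyInfo blobs; works for RSA and EC alike.
key_matches_cert() {
    a=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    b=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# 2. With no CA-issued certificate, a self-signed one is enough to build the
#    PKCS#12 (nobody else will trust it, but the key can be used from .NET).
make_selfsigned() {
    openssl req -new -x509 -key "$1" -subj "/CN=pkcs12-demo" -days 1 \
        -out "$2" 2>/dev/null
}

# 3. Private key + certificate -> PKCS#12. The password is passed in-band
#    only so the demo runs unattended; interactively, drop -passout and type it.
build_p12() {
    openssl pkcs12 -export -name myalias -inkey "$1" -in "$2" \
        -passout "pass:$4" -out "$3"
}

# Number of certificates stored in a PKCS#12 (0 for a file built with -nocerts).
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE' || true
}

make_pkcs8_der
pkcs8_der_to_pem "$WORK/private.key" "$WORK/pkey.pem"
# The public key the poster generated: useful for comparisons, useless as -in.
openssl pkey -in "$WORK/pkey.pem" -pubout -out "$WORK/key.pub"
make_selfsigned "$WORK/pkey.pem" "$WORK/cert.pem"
build_p12 "$WORK/pkey.pem" "$WORK/cert.pem" "$WORK/keystore.p12" demo
# The -nocerts variant from the question: a key-only PKCS#12.
openssl pkcs12 -export -nocerts -inkey "$WORK/pkey.pem" \
    -passout pass:demo -out "$WORK/keyonly.p12"

printf 'cert.pem is a certificate: %s\n' "$(is_certificate "$WORK/cert.pem" && echo yes || echo no)"
printf 'key.pub is a certificate: %s\n' "$(is_certificate "$WORK/key.pub" && echo yes || echo no)"
printf 'certificates in keystore.p12: %s\n' "$(p12_cert_count "$WORK/keystore.p12" demo)"
printf 'certificates in keyonly.p12: %s\n' "$(p12_cert_count "$WORK/keyonly.p12" demo)"
```

When a CA-issued certificate does arrive (the answer's `dealerCertificate.x509`), run `key_matches_cert` on it before building the .p12: if the public keys differ, the certificate was issued for a different key and OpenSSL's "No certificate matches private key" is telling the truth, not a file-format problem.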