Convert Comodo cert to PKS#12?

It's been awhile since I've had to do this as most now will supply a PFX/P12/PKCS#12 bundle.  I think it's easier to use one of the free online converters.  Any luck with that?

Cheers - Bob

hi,

openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile  cacert.cer

root.cer = cacert.cer

certificatename.cer = asg.sub.domain.com_cert.cer

privatekey.key the privatekey file you had.

if on a windowsbox you will need the openssl tools. ( https://slproweb.com/products/Win32OpenSSL.html )

or an onlineconverter like bob said.

Are you saying that I don't need to include the 2 intermediate certificates?

I've seen some examples that concatenated the certs (including intermediate certs) into a file and used it for the input filename. 

Although I'm a longtime Astaro/Sophos UTM user, I've always used the self-signed certificate.  Dealing with certs is not my forte.

Yes you do need the intermediate cert(s).  When I worked with two different Comodo certs, I only had to use a single intermediate cert with the root CA, but maybe that's changed in the last two years.  I've been more successful with the Windows version:

OpenSSL-Win64\bin\openssl.exe pkcs12 -export -in -certfile <Comodo Root CA file> -certfile <Comodo Intermediate CA file> sub.domain.com.cer -inkey sub.domain.com.private.key -out sub.domain.com.p12

Alternatively, you can concatenate the certs <Comodo Root CA file>, <Comodo Intermediate CA file> and  sub.domain.com.cer and then do:

OpenSSL-Win64\bin\openssl.exe pkcs12 -export -in -certfile <concatenated certs> -inkey sub.domain.com.private.key -out sub.domain.com.p12

Cheers - Bob

Thanks Bob (and brunomc).

I already created a pkcs12 file today that included the intermediate certs (using openssl on Windows) and verified the resulting file with the -info switch.