This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Convert Comodo cert to PKS#12?

I followed KB115976 to generate a CSR and private key.  I submitted my CSR to my parent organization, who purchased a SSL certificate from Comodo on my behalf.

 

I received the following files:  intermediate1.cer, intermediate2.cer, asg.sub.domain.com_cert.cer, and root.cer

 

I've done some Googling and it appears that I need to run openssl with some switches, including my private key, but I'm not sure of the syntax. 

 

TIA



This thread was automatically locked due to age.
Parents
  • hi,

     

    openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile  cacert.cer

    root.cer = cacert.cer

    certificatename.cer = asg.sub.domain.com_cert.cer

    privatekey.key the privatekey file you had.

    if on a windowsbox you will need the openssl tools. ( https://slproweb.com/products/Win32OpenSSL.html )

    or an onlineconverter like bob said.

  • Are you saying that I don't need to include the 2 intermediate certificates?

    I've seen some examples that concatenated the certs (including intermediate certs) into a file and used it for the input filename. 

    Although I'm a longtime Astaro/Sophos UTM user, I've always used the self-signed certificate.  Dealing with certs is not my forte.

Reply
  • Are you saying that I don't need to include the 2 intermediate certificates?

    I've seen some examples that concatenated the certs (including intermediate certs) into a file and used it for the input filename. 

    Although I'm a longtime Astaro/Sophos UTM user, I've always used the self-signed certificate.  Dealing with certs is not my forte.

Children
  • Yes you do need the intermediate cert(s).  When I worked with two different Comodo certs, I only had to use a single intermediate cert with the root CA, but maybe that's changed in the last two years.  I've been more successful with the Windows version:

    OpenSSL-Win64\bin\openssl.exe pkcs12 -export -in -certfile <Comodo Root CA file> -certfile <Comodo Intermediate CA file> sub.domain.com.cer -inkey sub.domain.com.private.key -out sub.domain.com.p12

    Alternatively, you can concatenate the certs <Comodo Root CA file>, <Comodo Intermediate CA file> and  sub.domain.com.cer and then do:

    OpenSSL-Win64\bin\openssl.exe pkcs12 -export -in -certfile <concatenated certs> -inkey sub.domain.com.private.key -out sub.domain.com.p12

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob (and brunomc).

    I already created a pkcs12 file today that included the intermediate certs (using openssl on Windows) and verified the resulting file with the -info switch.