Windows: How to import when certificate and private key are in separate files?

Question

I am trying to import a certificate using the certmgr.msc snap-in.

My certificate is in a .crt file:

-----BEGIN CERTIFICATE-----
MIIDezCCAmMCCQDFkO/4a6XfiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJT
...
ncpMXzlNEE77e45mpTC/WWgoqQb7XMI+S1iPbluBVw==
-----END CERTIFICATE-----

The private key is in a .key file and I have the password:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,FE5EDCD941BAD3DF54D29902EAB5EE48

9zZcw6zCfL6u8/HuBD/a57GSjAYb3DYzdjN8colcbWDTOSBpmbilapKdXd/XmVlM
.....
rjxIMhRRKCtdN0WZHwKU9wO/sAzllrx9lyt7qeEc3wSYYMD6bvdFjA9CXE27eQqW
-----END RSA PRIVATE KEY-----

The Import wizard only allows a single file to be selected. I tried to combine the above two files as shown into a single file, but the import ignores the private key.

I tried putting the RSA PRIVATE KEY part before the CERTIFICATE part, but import says The file type is not recognizable.

I read that the .pem file is just a container and can include both the certificate and the private key. What have I missed in combining the two files into one?

Answer 1

1. remove all non-base64 content from private key file between PEM header and footer. In a given case, remove these lines from private key file:

   Proc-Type: 4,ENCRYPTED DEK-Info: AES-256-CBC,FE5EDCD941BAD3DF54D29902EAB5EE48

2. Rename key file to match the certificate file name, e.g. mycert.pem and mycert.key, where mycert.pem is public certificate file and mycert.key is private key file. And place them in same folder. Then run the following certutil.exe command:

.

certutil -mergepfx mycert.pem mycert.pfx

where mycert.pfx is output file for PFX. You will be prompted to create PFX protection password.

Answer 2

This is also quite easy to do with openssl.

openssl pkcs12 -in mycert.pem -inkey mycert.key -out mycert.pfx