As part of my ongoing mission to try to understand X509 certificates I wanted to figure out how to copy a test SSL certificate from one PC to another. The problem is
makecert.exegenerated a .cer file and I needed a .pfx file to import the certificate on the other server.
makecert.exeto create and install a certificate with an exportable private key. This should allow you to export the .pfx file from Certificates console.
pvkimprt.exeto convert the .cer and .pvk created by
makecert.exeto a .pfx file:
makecert -pe -n "CN=My Root CA, O=Test, OU=For Testing Only!" -ss my -sr LocalMachine -a sha1 -sky signature -r -sv test.pvk test.cer
cert2spc test.cer test.spc
pvkimprt -pfx test.spc test.pvk
pvk2pfxinstead of the above:
X.509 File Types:
pvk2pfx -pvk test.pvk -spc test.cer -pfx test.pfx -po pfx_password_here -f
- .CER = "DER" encoded binary X.509 Certificate file, e.g. as created by makecert. Contains only the public key.
- .CRT = base-64 encoded X.509 certificate. (Not the same as a Microsoft standard base-64 .cer file...?)
- .SPC = Software Publisher's Certificate. PKCS #7 standard that contains X.509 certificates. The cert2spc.exe utility converts a .cer file to .spc. .spc files are used as input to signcode.exe.
- .PVK = private key file, e.g. as created by makecert.
- .PFX = Personal Exchange file, contains certs with both the public and private key. PKCS#12 standard, binary DER encoded.