How to merge separate certificate and private key files into a PFX

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth IdP Version Affected:  All



    How to create a single PFX file containing a private key from a separate .cer/.crt file and .key file.



    Sometimes certificate files and private keys are supplied as distinct files but IIS and Windows requires certificates with private keys to be in a single PFX file.



    1. On the IdP put the .cer/.crt and .key files into the same folder and make sure they have the same name but keep their prefix e.g.:


    2. Open a command line and run:

    certutil -mergepfx [INPUTFILE] [OUTPUTFILE]

    Replace INPUTFILE with the name of the .cer/.crt file. There is no need to specify the key file, it's derived from the name of the .cer/.crt


    certutil -mergepfx MyCert.crt MyCert.pfx

    3. The result, if successful, will be a PFX file that can be imported into the certificate store in the usual manner.  



    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful



    Please sign in to leave a comment.