No certificate matches private key while generating .p12 file

I have successfully generated .p12 file but I got a message which is a follows:

C:\OpenSSL-Win32\bin>openssl pkcs12 -export -inkey mykey.key -in exported.pem -out myfile.p12 

Loading 'screen' into random state - done No certificate matches private key

Could anyone tell me what is this error all about?

Also, the size of the file myfile.p12 is 0KB and when I tried to open it, I got the following message in a small window with OK button:

`Invalid Public Key Security Object File

This file is invalid for use as the following: Personal Information Exchange `

Please clarify.

Thanks

2

3 Answers

Source

OpenSSL says no certificate matches private key when the certificate is DER-encoded. Just change it to PEM encoding before creating the PKCS#12.

  1. Create key pair : openssl genrsa -out aps_development.key 2048

  2. Create CSR : openssl req -new -sha256 -key aps_development.key -out aps_development.csr

  3. Upload the CSR to developer portal to get the certificate aps_development.cer

  4. Convert the certificate: openssl x509 -inform DER -outform PEM -in aps_development.cer -out aps_development.pem

  5. Build the PKCS#12: openssl pkcs12 -inkey aps_development.key -in aps_development.pem -export -out aps_development.p12

7

I also had exactly same issue. Below two commands worked like a charm.

cat domain.crt intermediate.crt ca.crt > bundle.crt openssl pkcs12 -export -out cert.pfx -inkey key -in bundle.crt 
2

In my case, I'd actually specified the wrong certificate -- i.e. the certificate was for one system, and the private key for another. So the error message was spot-on!

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like