10

I have created an SSL keypair with OpenSSL. I uploaded the Certificate Signing Request to my SSL Certificate provider and got my certificate files.

I added my certificate and the required CA certificates to the certificate database using certutil. However, when I try to serve HTTPS pages, I get this error message: "Cannot find private key for certificate".

I have the private key in a .key file, however it seems that certutil does not have an option to add keys to the key store, although it has the option to generate new keypairs and put them in the database.

Is there a way to get my private key into the key database from certutil?

2
  • 1
    Obviously you have a web server problem, but you do not say what web server you are using. Commented Nov 28, 2014 at 7:28
  • 1
    He has a certificate database problem, not really a web server problem. Commented Nov 28, 2014 at 20:39

1 Answer

15

No, certutil doesn't have an option to add private keys. You need to use pk12util for that.

If your private key is in PKCS12 format, you can add it to the key/cert database with

pk12util -i keyfile.key -d /path/to/database -W password

If it's in PEM format, you'll need to convert it to PKCS12 first by

openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile CAcert.crt 

then import server.pfx with pk12util as above.

Unfortunately certutil and pk12util often don't come with man pages, but certutil -H and pk12util -H provide some help. There are also some online docs and man pages.

2
  • Your command did not work, however, Eric's suggestion here did: stackoverflow.com/a/27176982/749521 Commented Nov 29, 2014 at 0:27
  • @StevenRoose: OK. Please consider editing my answer to make it work. Commented Nov 29, 2014 at 1:52
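The PEM-to-PKCS12-to-NSS procedure from the answer above, as an added example that is not part of the original answer or comments. It first checks that the private key actually belongs to the certificate, and it passes the PKCS12 password through a file (`-passout file:` and `pk12util -w`) instead of `-W password` on the command line. All file names, the nickname and the function names are placeholders, and the key is assumed to be an unencrypted PEM file.

```shell
#!/bin/sh
# Added example; function names and argument order are this example's own.

# SHA-256 of the DER-encoded public key derived from a private key file.
pubkey_digest_of_key() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the DER-encoded public key embedded in a certificate.
pubkey_digest_of_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# key_matches_cert KEY CERT: 0 if they pair up, 1 if not, 2 if unreadable.
key_matches_cert() {
    openssl pkey -in "$1" -noout 2>/dev/null || return 2
    openssl x509 -in "$2" -noout 2>/dev/null || return 2
    [ "$(pubkey_digest_of_key "$1")" = "$(pubkey_digest_of_cert "$2")" ]
}

# make_p12 KEY CERT CHAIN OUT NICKNAME PWFILE
# Bundles key, certificate and CA chain; refuses if key and cert do not pair.
make_p12() {
    key_matches_cert "$1" "$2" || {
        echo "private key does not match certificate" >&2
        return 1
    }
    # umask in a subshell so the bundle holding the key is created 0600.
    ( umask 077
      openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
          -name "$5" -out "$4" -passout "file:$6" )
}

# import_p12 P12 DBDIR PWFILE
# Imports the bundle, then lists private keys so the import can be confirmed.
import_p12() {
    pk12util -i "$1" -d "$2" -w "$3" || return 1
    certutil -K -d "$2"
}

# Usage: script KEY CERT CHAIN OUT.p12 NICKNAME PWFILE DBDIR
if [ "$#" -eq 7 ]; then
    make_p12 "$1" "$2" "$3" "$4" "$5" "$6" && import_p12 "$4" "$7" "$6"
fi
```

If the database is password-protected, `pk12util` and `certutil` will prompt for that password. Delete the `.p12` bundle and the password file once the key shows up in the `certutil -K` listing.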
