I have created an SSL keypair with OpenSSL. I uploaded the Certificate Signing Request to my SSL Certificate provider and got my certificate files.
I added my certificate and the required CA certificates to the certificate database using certutil. However, when I try to serve HTTPS pages, I get this error message: "Cannot find private key for certificate".
I have the private key in a .key file, however it seems that certutil does not have an option to add keys to the key store, although it has the option to generate new keypairs and put them in the database.
Is there a way to get my private key into the key database from certutil?
Best Answer
No, certutil doesn't have an option to add private keys. You need to use pk12util for that.
If your private key is in PKCS12 format, you can add it to the key/cert database with
If it's in PEM format, you'll need to convert it to PKCS12 first by
then import server.pfx with pk12util as above.
Unfortunately certutil and pk12util often don't come with man pages, but
certutil -H
andpk12util -H
provide some help. There are also some online docs and man pages.