Unable to feed certificate and key into openssl via stdin

openssl x509

I have followed the steps listed here to create a new private key and certificate. Now I am trying to combine them into a .pfx file.

OpenSSL should be able to read in both the private key and the certificate from a single file, and according to the man docs, should also be able to read from stdin. However, this doesn't seem to be working for me.

I am on Mac OS X 10.14.3, and openssl version gives "LibreSSL 2.6.5".

I combined my certificate and key into one file (called 'combined.pem'). I did this with the following commands:

$ openssl genrsa -out private.key 2048
$ openssl req -new -x509 -key private.key -out public.cer -days 365
$ cat public.cer >> combined.pem
$ cat private.key >> combined.pem

For reference, combined.pem looks something like this:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

When I run the following command, everything works fine:

$ openssl pkcs12 -export -out x509.pfx -in combined.pem

When I run this command, I get an error:

$ openssl pkcs12 -export -out x509.pfx < combined.pem
unable to load certificates

I have also tried:

$ cat combined.pem | openssl pkcs12 -export -out x509.pfx
unable to load certificates

What am I missing? Is OpenSSL not really able to read from stdin for this?

Also, from the man docs:

     -in file
           The input file to read from, or standard input if not specified.  The order doesn't matter but one private key and its corresponding certificate should
           be present.  If additional certificates are present, they will also be included in the PKCS#12 file.

     -inkey file
           File to read a private key from.  If not present, a private key must be present in the input file.

Best Answer

Contrary to what most answers here say, OpenSSL does work with stdin out of the box, including on macOS. The trick is to leave the -in parameter out completely.

cat combined.pem | openssl pkcs12 -export -out x509.pfx