Skip to content

Instantly share code, notes, and snippets.

@novemberborn

novemberborn/howto.md

Created February 18, 2016 17:47
Show Gist options
  • Save novemberborn/4eb91b0d166c27c2fcd4 to your computer and use it in GitHub Desktop.
Save novemberborn/4eb91b0d166c27c2fcd4 to your computer and use it in GitHub Desktop.
Download ZIP
Creating a PKCS#12 file from a Let's Encrypt certificate
Raw
howto.md

Assuming you received the certificate in DER form, saved to cert.der:

openssl x509 -inform der -in cert.der -out chain.pem

Append the content of https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem.txt to chain.pem.

Save https://letsencrypt.org/certs/letsencryptauthorityx1.pem.

Assuming the private key for the certificate is in privkey.pem:

openssl pkcs12 -export -inkey privkey.pem -in chain.pem -CAfile letsencryptauthorityx1.pem -out cert.p12

cert.p12 now includes the private key, your certificate, and the full certificate chain.

@ernitishkumar
Copy link

I think the Save https://letsencrypt.org/certs/letsencryptauthorityx1.pem. file should be the root file i.e is ISGR X1 or DST X1

@DayBr3ak
Copy link 

cat /etc/letsencrypt/live/fqdn.com/chain.pem lets-encrypt-x1-cross-signed.pem.txt > chain.pem
openssl pkcs12 -export -inkey /etc/letsencrypt/live/fqdn.com/privkey.pem -in chain.pem -CAfile letsencryptauthorityx1.pem -out cert.p12

>> No certificate matches private key

doesn't work

@DayBr3ak
Copy link

this works

 openssl pkcs12 -export -out certificate.p12 -inkey /etc/letsencrypt/live/.org/privkey.pem -in /etc/letsencrypt/live/.org/cert.pem -certfile /etc/letsencrypt/live/.org/chain.pem

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment