Making own personal certificate, exporting private key in .key format
Hello,
i want to make my own certificate (not a SSL one for domain, just personal), which has to be a file with .crt extension. I have the .csr file by clicking "Request certificate" for my key in PGP Desktop: created a plain txt document , copy-pasted the text with "Begin certificate request---...--- End" and renamed to certificate.csr.
I tried to use OpenSSL to do that, with using command
openssl x509 -req -days 365 -in certificate.csr -signkey myprivate.key -out certificate.crt
however, i got error with the private key loading. i cannot find how to export my private key. i can only export my public key, resp. private keyring but not in format .key but .skr. how can i export my private key in format .key? or how to make .crt certificate from .csr ?
Comments 2 Comments • Jump to latest comment
In Desktop, there isn't a way to export the private key so that OpenSSL can understand the format. (PGP Command Line can export keys in PKCS#8 format.)
Your best options are:
1. Generate the key in OpenSSL, and then import the cert and key as a PKCS#12. The best thing to do here is to import the PKCS#12 as your signing or encryption subkey underneath your top PGP Key.
2. Sign the certificate with a different key (so the certificate is not self-signed).
--------
David Finkelstein
Symantec R&D
thank you for your fast reply. i try to create a key in OpenSSL with command
-genrsa -des3 -out myprivate.key 4096
then there is a prompt for entering passphrase. the problem is, i cannot type in any passphrase. virtually my keyboard becomes dead... any idea?
Never mind, just found out , it actually types the characters, just there is no visual output of that.. lame -.-'
Would you like to reply?
Login or Register to post your comment.