Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Making own personal certificate, exporting private key in .key format

Created: 14 Mar 2011 • Updated: 14 Mar 2011 | 2 comments
This issue has been solved. See solution.

Hello,

i want to make my own certificate (not a SSL one for domain, just personal), which has to be a file with .crt extension. I have the .csr file by clicking "Request certificate" for my key in PGP Desktop: created a plain txt document , copy-pasted the text with "Begin certificate request---...--- End" and renamed to certificate.csr.

I tried to use OpenSSL to do that, with using command

openssl x509 -req -days 365 -in certificate.csr -signkey myprivate.key -out certificate.crt

however, i got error with the private key loading. i cannot find how to export my private key. i can only export my public key, resp. private keyring but not in format .key but .skr. how can i export my private key in format .key? or how to make .crt certificate from .csr ? 

Comments 2 CommentsJump to latest comment

dfinkelstein's picture

In Desktop, there isn't a way to export the private key so that OpenSSL can understand the format.  (PGP Command Line can export keys in PKCS#8 format.)

Your best options are:

1.  Generate the key in OpenSSL, and then import the cert and key as a PKCS#12.  The best thing to do here is to import the PKCS#12 as your signing or encryption subkey underneath your top PGP Key.

2.  Sign the certificate with a different key (so the certificate is not self-signed).

--------

David Finkelstein

Symantec R&D

SOLUTION
ThomasC's picture

thank you for your fast reply. i try to create a key in OpenSSL with command

-genrsa -des3 -out myprivate.key 4096 

then there is a prompt for entering passphrase. the problem is, i cannot type in any passphrase. virtually my keyboard becomes dead... any idea?

Never mind, just found out , it actually types the characters, just there is no visual output of that.. lame -.-'