
Making own personal certificate, exporting private key in .key format

Created: 14 Mar 2011 • Updated: 14 Mar 2011 | 2 comments
This issue has been solved. See solution.


I want to make my own certificate (not an SSL one for a domain, just a personal one), which has to be a file with a .crt extension. I have the .csr file from clicking "Request certificate" for my key in PGP Desktop: I created a plain text document, copy-pasted the text with "Begin certificate request---...--- End" and renamed it to certificate.csr.

I tried to use OpenSSL to do that, using the command

openssl x509 -req -days 365 -in certificate.csr -signkey myprivate.key -out certificate.crt

However, I got an error loading the private key. I cannot find how to export my private key. I can only export my public key or the private keyring, and not in .key format but in .skr. How can I export my private key in .key format? Or how do I make a .crt certificate from a .csr?


dfinkelstein

In Desktop, there isn't a way to export the private key so that OpenSSL can understand the format.  (PGP Command Line can export keys in PKCS#8 format.)

Your best options are:

1.  Generate the key in OpenSSL, and then import the cert and key as a PKCS#12.  The best thing to do here is to import the PKCS#12 as your signing or encryption subkey underneath your top PGP Key.

2.  Sign the certificate with a different key (so the certificate is not self-signed).


David Finkelstein

Symantec R&D

ThomasC

Thank you for your fast reply. I tried to create a key in OpenSSL with the command

openssl genrsa -des3 -out myprivate.key 4096

Then there is a prompt for entering a passphrase. The problem is, I cannot type in any passphrase. Virtually my keyboard becomes dead... Any idea?

Never mind, just found out: it actually types the characters, there is just no visual output of that.. lame -.-'
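
The workflow from option 1 in the answer above (generate the key in OpenSSL, self-sign the CSR with it, bundle certificate and key as PKCS#12), as an added example that is not part of the original thread. It encrypts the key with -aes256 instead of the thread's -des3 and reads passphrases from environment variables; the subject name, the passphrases and the personal.p12 file name are constructed placeholders.

```shell
#!/bin/sh
# Added example. Subject name, file names and passphrases are constructed.

# make_personal_cert DIR [BITS]: key -> CSR -> self-signed cert -> PKCS#12.
# Passphrases come from the KEY_PASS and P12_PASS environment variables, so
# they are neither typed at a prompt nor exposed as command-line arguments.
make_personal_cert() (
    dir=$1
    bits=${2:-4096}                 # 4096 as in the thread
    export KEY_PASS P12_PASS
    umask 077                       # key and bundle readable by owner only
    openssl genrsa -aes256 -passout env:KEY_PASS \
        -out "$dir/myprivate.key" "$bits" &&
    openssl req -new -key "$dir/myprivate.key" -passin env:KEY_PASS \
        -subj "/CN=Example User/emailAddress=user@example.invalid" \
        -out "$dir/certificate.csr" &&
    # Same command as in the question, now with a key OpenSSL can load.
    openssl x509 -req -days 365 -in "$dir/certificate.csr" \
        -signkey "$dir/myprivate.key" -passin env:KEY_PASS \
        -out "$dir/certificate.crt" &&
    # Bundle certificate and key for import into another tool.
    openssl pkcs12 -export -name "Example User" \
        -inkey "$dir/myprivate.key" -passin env:KEY_PASS \
        -in "$dir/certificate.crt" -passout env:P12_PASS \
        -out "$dir/personal.p12"
)

# cert_matches_key CRT KEY: succeed only if both carry the same public key.
# Catches the mistake of pairing a certificate with the wrong private key.
cert_matches_key() (
    export KEY_PASS
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || exit 1
    key_pub=$(openssl pkey -in "$2" -passin env:KEY_PASS -pubout) || exit 1
    [ "$crt_pub" = "$key_pub" ]
)

# Demo run in a throwaway directory (2048 bits only to keep it quick).
work=$(mktemp -d)
KEY_PASS='constructed-key-passphrase'
P12_PASS='constructed-p12-passphrase'
make_personal_cert "$work" 2048 &&
    cert_matches_key "$work/certificate.crt" "$work/myprivate.key" &&
    echo "certificate.crt matches myprivate.key"
rm -rf "$work"
```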