Merging certificat with private key

Posted on 2011-02-18
Last Modified: 2013-12-04
I'll try to explain my problem clearly :)
i need a certificat with a private key inside.
All my certificate are issued by verisign,

I've got a private key in  a file "myprivatekey.pem"
I've got my certificate chain like that :

Verisign1 -> Verisign2 -> Mycert

theses certificat doesn't have any privatekey
I want to merge "Mycert.cer" and "myprivatekey.pem" to have a certificate with the private key.

I searched lot of stuff on internet and i tried many ways with openssl
like that :

verify my key:
openssl rsa -noout -text -in c:\ssl\myprivatekey.pem
--> OK !

i convert my cer files in pem files --> OK !

and when i tried to merge :

C:\OpenSSL-Win32\bin>openssl pkcs12 -export -inkey c:\ssl\myprivatekey.pem -i
n c:\ssl\mycert.pem -out pkcs12.p12 -name test
Loading 'screen' into random state - done
No certificate matches private key

i just can't understand ...

plz advice.

Question by:Mathias75000
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
LVL 10

Accepted Solution

abbright earned 250 total points
ID: 34928175
Does your private key belong to the public key which is part of Mycert? If not (which seems to be the case according to the error message of openssl you posted) then I guess what you want to have is not possible as the certificate Mycert is a combination of a public key which has been signed by Verisign and the cooresponding private key. Without the corresponding public key belonging to your private key you cannot import it / create a new certificate. You would rather have to create a new public / private key pair and have the public key in the corresponding certificate be signed by verisign.

Author Comment

ID: 34941591
the private key come from the previous public cert "Mycert" finished in 2010 signed by verisign as well.
My new certificat "Mycert" is just the new one for 2011.
so it should be ok ?
LVL 18

Assisted Solution

decoleur earned 250 total points
ID: 34947832
you don't need to include your private key with the cert.

If you encrypt a message with your verisign signed private key the recipient will upon initial communication go to verisign and pull down the public key and validate that you are who you said you were.

you do not distribute your private key.

hope this helps,


Author Comment

ID: 34949586
yep but i need a certificat with the private key to sign my rdp file, that's why...
but i think i'll just ask for a another pair, it'll be easier ;)
thanks for the help !

Author Closing Comment

ID: 34949711

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question