Creating PKCS12 bundles

Create a PKCS12 bundle from individual certificate and key files.

This command should be on one line:

openssl pkcs12 -export -inkey private.key -in certificate.cer -name Certificate_Display_Name -out certificate.p12

The certificate file can be a concatenation of multiple certificates:

cat intermediate-cert.pem server-cert.pem > certificate.cer

Additional certificates can be included by passing the -certfile parameter to the openssl command.

Changed defaults in OpenSSL 3.0

With OpenSSL 3.0, the default encryption for private keys in PKCS12 bundles changed from 3DES to AES256. This causes import failures on Windows Server 2008/2012 with the error:

“The password you entered is incorrect”

Resolve this by adding the following options after -export to the command above:

-certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac
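
To confirm which algorithms a bundle actually uses before handing it to a Windows host, the script below builds one bundle with the defaults and one with the options above, then lists the algorithms of each. It is an added example, not part of the original page: the function names (make_p12, make_legacy_p12, p12_algorithms, demo), the file names and the throwaway self-signed key and certificate are constructed, and the password is passed through an assumed P12_PASS environment variable instead of the command line.

```sh
#!/bin/sh
# Added example, not from the original page. Function names, file names and
# the throwaway key/certificate are constructed for the demonstration.
# The bundle password is read from the P12_PASS environment variable so it
# does not appear in the process list.

# make_p12 OUT KEY CERT NAME [extra options placed right after -export]
make_p12() {
    out=$1 key=$2 cert=$3 name=$4
    shift 4
    openssl pkcs12 -export "$@" -inkey "$key" -in "$cert" -name "$name" \
        -passout env:P12_PASS -out "$out"
}

# make_legacy_p12 OUT KEY CERT NAME
# Adds the options the page gives for Windows Server 2008/2012.
make_legacy_p12() {
    make_p12 "$1" "$2" "$3" "$4" \
        -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac
}

# p12_algorithms FILE
# Lists the MAC and per-bag encryption algorithms without printing keys or
# certificates. -nomacver skips MAC verification, which a bundle written
# with -nomac cannot pass because it carries no MAC.
p12_algorithms() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -info -noout -nomacver 2>&1 |
        grep -E '^(MAC:|PKCS7 Encrypted data:|Shrouded Keybag:)'
}

# demo: build both bundles from a one-day self-signed certificate.
demo() {
    dir=$(mktemp -d) || return 1
    P12_PASS='constructed-demo-password'; export P12_PASS
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=demo.invalid' \
        -keyout "$dir/private.key" -out "$dir/certificate.cer" 2>/dev/null ||
        return 1
    make_p12 "$dir/default.p12" "$dir/private.key" "$dir/certificate.cer" Demo
    make_legacy_p12 "$dir/legacy.p12" "$dir/private.key" "$dir/certificate.cer" Demo
    echo "default:"; p12_algorithms "$dir/default.p12"
    echo "legacy:";  p12_algorithms "$dir/legacy.p12"
    rm -rf "$dir"
}
demo
```

On OpenSSL 3.x the default bundle reports PBES2 with AES-256-CBC and a MAC line, while the legacy bundle reports pbeWithSHA1And3-KeyTripleDES-CBC for both bags and no MAC line.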