I'm trying to script generation of a single pfx certificate, from one key and one pem file. The following command in PowerShell will generate a .pfx as expected:
CertUtil -MergePFX $srcPemPath $outPfxPath
But it prompts me to manually enter the private key password. It'd be most convenient if I didn't have to do this manually.
Looking at the Microsoft documentation, I should be able to provide the password as an optional extended property parameter; however, when I try the following:
CertUtil -MergePFX $srcPemPath $outPfxPath -p $certPassword
I get an error:
Expected no more than 3 args, received 4
CertUtil: Too many arguments
Neither the usage hint nor the documentation makes it clear how this is supposed to be done. Is it possible, and how?
Update
This seems to be purely an issue with my comprehension of certutil.exe's usage: '-p password' is an option, and options should be the first arguments to the certutil executable. For example, -f and -v are also options, for force overwrite and verbose output respectively.
Given current working directory only contains fullchain1.pem and fullchain1.key:
In PowerShell: certutil -f -v -mergepfx .\fullchain1.pem .\testout.pfx
The above creates testout.pfx, overwriting any existing file, verbosely writing the algorithm and public key, and prompting the user for a password.
In PowerShell: certutil -p "pass1" -mergepfx .\fullchain1.pem .\testout.pfx
The above creates testout.pfx (provided it doesn't already exist) but will still prompt the user for a password.
In PowerShell: certutil -p "pass1,pass2" -mergepfx .\fullchain1.pem .\testout.pfx
The above creates testout.pfx without prompting the user for a password; the private key password for testout.pfx will be pass2. pass1 and pass2 were arbitrary; pass1 appears to serve no purpose.
So I have a solution, but it'd still be nice to understand why :)
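The non-interactive form found in the update, wrapped for scripting, as an added example that is not part of the original post. The function name `Merge-PemToPfx` and its parameters are hypothetical; it assumes the .key file sits beside the .pem with the same base name, as in the post's working case, and relies on the post's observation that the second value of `-p` becomes the PFX password.

```powershell
# Added example; Merge-PemToPfx and its parameter names are hypothetical.
function Merge-PemToPfx {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $PemPath,
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [securestring] $PfxPassword,
        [switch] $Force
    )

    # Assumption from the post: the key file is next to the .pem, same base name.
    $keyPath = [System.IO.Path]::ChangeExtension($PemPath, '.key')
    foreach ($p in $PemPath, $keyPath) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { throw "Missing input file: $p" }
    }

    # Decrypt the SecureString only for the duration of the call.
    $plain = [System.Net.NetworkCredential]::new('', $PfxPassword).Password
    if ([string]::IsNullOrEmpty($plain)) { throw 'PFX password must not be empty.' }
    # -p is given a comma-separated pair, so a comma in the password would split it.
    if ($plain.Contains(',')) { throw 'PFX password must not contain a comma.' }

    # Options go before the verb. Per the post, the second value becomes the PFX
    # password; the first had no visible effect there, so the same value is repeated.
    $certutilArgs = @()
    if ($Force) { $certutilArgs += '-f' }
    $certutilArgs += '-p', "$plain,$plain", '-MergePFX', $PemPath, $PfxPath

    try {
        $output = & certutil.exe @certutilArgs 2>&1
        if ($LASTEXITCODE -ne 0) {
            throw "certutil exited with code ${LASTEXITCODE}: $($output -join [Environment]::NewLine)"
        }
    }
    finally {
        # Drop the plaintext references as soon as certutil has returned.
        $plain = $null
        $certutilArgs = $null
    }
    Get-Item -LiteralPath $PfxPath
}

# Usage with the file names from the post:
# $pw = Read-Host -Prompt 'PFX password' -AsSecureString
# Merge-PemToPfx -PemPath .\fullchain1.pem -PfxPath .\testout.pfx -PfxPassword $pw -Force
```

The password is still passed on the certutil.exe command line, so it can appear in process listings and in process-creation audit logs where command-line logging is enabled.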