OpenSSL .pfx Certificate


I have been successfully creating the mydomain.key, mydomain.crt, mydomain.csr and account.key files through However, when I was trying to combine the mydomain.key and mydomain.crt files to create the .pfx file for my IIS server, I got the error below. Does anyone know why this happened?

PS C:\OpenSSL-Win64\bin> openssl pkcs12 -export -out mycert.pfx -inkey mydomain.key -in mydomain.crt
No certificate matches private key
PS C:\OpenSSL-Win64\bin>

Hi @TonySSL

your key and your cert are not a public / private key pair. You use the wrong private key.


I used “openssl genrsa -out mydomain.key 2048” to generate mydomain.key.

If mydomain.key is not a private key, then which one is the private key? Is it the account.key?

It may be a private key, I don't know that. But the error says: You have selected the wrong private key.

Must be the key you have used to create the CSR.

PS: No, it's not the account key. These are different things.

mydomain.key is the key i used to create the csr.

le64 -key account.key -csr mydomain.csr -csr-key mydomain.key -crt mydomain.crt -domains “,” -path “C:\inetpub\henrywebroot\.well-known\acme-challenge” -generate-missing -live

I believe the answer I posted here might help: Why SSL verification of my domain name failed?

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.