Export to privkey.pem and keep password


I have successfully set up a certificate including a task (General purpose deployment) that exports the private key to a specific path. I then added a password under the Signing & Security menu and reran the task, but the exported key does not seem to be passworded. Is this the intended behaviour, and if so, how can I export to a passworded .pem private key?

Hi, currently our PEM export is in PKCS 1 format (private key without encryption) but we do plan to add further options in the future.

However if you export as PFX (Export Certificate task, PFX) it will be exported as a PKCS12 container file (sometimes called .p12) with private key encryption and you can then perform additional transformations using openssl etc.


I understand. Thank you.

I struggled with actually reusing the password from the PKCS12 export and ended up keeping the Deploy to Generic Server task and encrypting it like so:

openssl rsa -in privkey.pem -out privkey.pem -aes256 -passout "file:C:\ProgramData\certify\credentials\pass.txt"
1 Like