How can I convert a PEM-format private key into a key that Windows can use in .NET?

2023-09-03 04:01:33 Author: 温柔行凶者

I have been given a private key that turned out to be in pkcs8 format, which I managed to turn into a pem file using the following command:

openssl pkcs8 -inform der -nocrypt -in private.key -out pkey.pem

I now need to convert this to pkcs12 so I can use it in .NET to create an X509 certificate (also I'd like to import it to Windows cert manager).

I tried this command:

openssl pkcs12 -export -name myalias -in mycert.crt -inkey pkey.pem -out keystore.p12

However, I don't have the public key. I've tried using the pkey.pem file as the -in arg, but it tells me No certificate matches private key. If I try without the -in arg then nothing happens (and I mean nothing, there is a blank row until I press ctrl-c).

How can I generate the public key from the private key, or convert to pkcs12 without the public key?

The first part of this question was from the answer here.

I found an answer that gave me some hope, which says to run this command (-nocerts):

openssl pkcs12 -export -nocerts -inkey your.private.key.pem -out your.private.key.p12

However, when I try to import the file into the Windows key store, it says the specified file is empty when it is imported.

I've also managed to generate a certificate signing request from instructions here, which generated a certificate file, but the command still didn't accept that, saying No certificate matches private key.

Another answer suggests generating the public key, which I do, but when I use that as the -in arg it still says No certificate matches private key, which I don't understand as this public key was generated from the private key using this command: openssl rsa -in privkey.pem -pubout > key.pub

Edit: I've posted an answer below, but as mentioned I've no way of verifying this information or telling if it works. If anyone has any further information, please let me know.

Recommended answer

This seems to be it:

The following commands turn this into a format usable in Windows:

Convert the private key from pkcs8/DER to a PEM file format

openssl pkcs8 -nocrypt -in dealerPrivate.key -inform der -outform pem -out private.pem

Convert the certificate from x509/DER to a PEM file format

openssl x509 -inform der -in dealerCertificate.x509 -out public.pem

Merge the two files into a pkcs12 file – you will be prompted for a password to protect the p12 with

openssl pkcs12 -export -inkey private.pem -in public.pem -out mycert.p12

This gives me a pkcs12 certificate (I think) that I've added to the Windows key store and can then access from .NET and attach it to my WCF request.

Unfortunately I can't verify that this works, as the service responds with the same data as my request, which is completely confusing:

Request:

POST http://[HOST].com/services/fsa/1.0 HTTP/1.1
Content-Type: text/xml; charset=utf-8
VsDebuggerCausalityData: uIDPo0ii5Jr5wONMi6i/jkMQdFkAAAAArRV2zOsUrEioQMkqYDWulG6ktjqzCoRLtP+/9VQSARUACQAA
SOAPAction: ""
Host: [HOST]
Content-Length: 299
Expect: 100-continue
Connection: Keep-Alive

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><list xmlns="http://[HOST].com/services/fsa/1.0"><String_1 xmlns="">[MY_STRING]</String_1></list></s:Body></s:Envelope>

Response:

HTTP/1.1 200 OK
Date: Thu, 31 Oct 2013 12:19:38 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/1.0.0a mod_jk/1.2.31
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
VsDebuggerCausalityData: uIDPo0ii5Jr5wONMi6i/jkMQdFkAAAAArRV2zOsUrEioQMkqYDWulG6ktjqzCoRLtP+/9VQSARUACQAA
SOAPAction: ""
host: [HOST]
Expect: 100-continue
connection: Keep-Alive, Keep-Alive
Content-Length: 299
Keep-Alive: timeout=2, max=100
Content-Type: text/xml;charset=utf-8

<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'><s:Body xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'><list xmlns='http://[HOST].com/services/fsa/1.0'><String_1 xmlns=''>[MY_STRING]</String_1></list></s:Body></s:Envelope>
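
Added example, not part of the original post: the merge step in the answer only succeeds when the file passed to -in is an X.509 certificate whose public key pairs with the -inkey file, so this sketch checks that pairing first and then counts the certificates stored in the resulting .p12. The helper names, the demo.invalid subject, the temporary paths and the password are constructed for illustration.

```sh
#!/bin/sh
# Added example. Keys and certificates here are throwaway test material.

# PEM public key derived from a private key / carried in a certificate.
key_pub()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# True only if $2 is an X.509 certificate whose public key belongs to key $1.
# A bare public key file (openssl rsa -pubout) fails: it is not a certificate.
cert_matches_key() {
  k=$(key_pub "$1") || return 1
  c=$(cert_pub "$2") || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Bundle key + certificate; args: key.pem cert.pem out.p12 password.
# The password argument is for the demo; omit -passout to be prompted instead.
make_p12() {
  cert_matches_key "$1" "$2" || { echo "certificate does not match key" >&2; return 1; }
  openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout "pass:$4"
}

# Number of certificates stored in a .p12 (prints 0 for a key-only file).
p12_cert_count() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE' || true
}

# Constructed inputs shaped like the answer's: PKCS#8 DER key, DER certificate.
make_sample_inputs() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
    -keyout "$dir/k.pem" -out "$dir/c.pem" 2>/dev/null &&
  openssl pkcs8 -topk8 -nocrypt -in "$dir/k.pem" -outform der -out "$dir/dealerPrivate.key" &&
  openssl x509 -in "$dir/c.pem" -outform der -out "$dir/dealerCertificate.x509" &&
  # The answer's two conversion steps, unchanged apart from the directory:
  openssl pkcs8 -nocrypt -in "$dir/dealerPrivate.key" -inform der -outform pem \
    -out "$dir/private.pem" &&
  openssl x509 -inform der -in "$dir/dealerCertificate.x509" -out "$dir/public.pem" &&
  # The bare public key from the question, for comparison with a certificate:
  openssl rsa -in "$dir/private.pem" -pubout -out "$dir/key.pub" 2>/dev/null
}
```

Running `make_p12 private.pem public.pem mycert.p12 <password>` followed by `p12_cert_count mycert.p12 <password>` should report 1 before the file is imported into the Windows store.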