Adding a password to an existing PFX via command line

Although extremely rare, there are some pfx files generated by services that don’t have a password protecting them.

In order to add a password to them, you can use the certutil.exe utility as part of Windows. This contains a mergepfx feature which is designed to accept multiple pfx files, but we can use it to process our pfx without import/export.

Add a password to a PFX file via command line

The utility expects the passwords comma separated, argument -p. The first value is blank (for the unpassworded pfx) then the last value is your output (the newely passworded pfx).

certutil -p ",NewPassword" -mergepfx unpassworded.pfx passworded.pfx

Removing a password from a PFX file via command line

The same can be done in reverse, though while you can’t set the blank password in the command line, pressing enter twice (without entering a password when prompted) will unprotect the file.

certutil -p "ExistingPassword" -mergepfx passworded.pfx unpassworded.pfx
Enter new password: <Enter>
Confirm new password: <Enter>

Adding a password to an existing PFX via command line

Add a password to a PFX file via command line

Removing a password from a PFX file via command line

Comments

Leave a Reply Cancel reply

Network Location Awareness Proxy causing connection issues for some system applications

Using the “sysnative” folder in Intune App Deployments

Move tagged photos from Facebook to Google Photos with correct Date & Timestamps

Using an Adobe Lightroom Catalog with OneDrive Sync

Credential Manager: Root Cause for WAM issues

Force a Dell BIOS update