Thoughts, ideas, ramblings. Covering a wide range of topics from Windows to Linux, Azure, hardware, software & more.

Adding a password to an existing PFX via command line

Although extremely rare, there are some pfx files generated by services that don’t have a password protecting them.

In order to add a password to them, you can use the certutil.exe utility as part of Windows. This contains a mergepfx feature which is designed to accept multiple pfx files, but we can use it to process our pfx without import/export.

Add a password to a PFX file via command line

The utility expects the passwords comma separated, argument -p. The first value is blank (for the unpassworded pfx) then the last value is your output (the newely passworded pfx).

certutil -p ",NewPassword" -mergepfx unpassworded.pfx passworded.pfx

Removing a password from a PFX file via command line

The same can be done in reverse, though while you can’t set the blank password in the command line, pressing enter twice (without entering a password when prompted) will unprotect the file.

certutil -p "ExistingPassword" -mergepfx passworded.pfx unpassworded.pfx
Enter new password: <Enter>
Confirm new password: <Enter>


Leave a Reply

Your email address will not be published. Required fields are marked *