Although extremely rare, there are some pfx
files generated by services that don’t have a password protecting them.
In order to add a password to them, you can use the certutil.exe
utility as part of Windows. This contains a mergepfx
feature which is designed to accept multiple pfx
files, but we can use it to process our pfx
without import/export.
Add a password to a PFX file via command line
The utility expects the passwords comma separated, argument -p
. The first value is blank (for the unpassworded pfx
) then the last value is your output (the newely passworded pfx
).
certutil -p ",NewPassword" -mergepfx unpassworded.pfx passworded.pfx
Removing a password from a PFX file via command line
The same can be done in reverse, though while you can’t set the blank password in the command line, pressing enter twice (without entering a password when prompted) will unprotect the file.
certutil -p "ExistingPassword" -mergepfx passworded.pfx unpassworded.pfx
Enter new password: <Enter>
Confirm new password: <Enter>