Git Bash Openssl


27th April 2021 git-bash, openssl, pkcs#12, windows The SSL certificate authority sent me the signed certificate in.pfx format and it was password-protected; so I need to convert it to.crt file. The first attempt was to call openssl pkcs12 -in server.pfx -out server.crt -nokeys -clcerts, simply in Git-Bash Windows; but it waits forever,. This option allows you to use Git from either Git Bash or the Windows Command Prompt. Next, we recommend leaving the default selected as Use OpenSSH. Next, in Choosing HTTPS transport backend, leave the default Use the OpenSSL library selected. Bash from Git for Windows uses mintty. Mintty cannot present itself as console to openssl but winpty can because it does the required conversions. Learn the details at Git for Windows FAQ. Installing it with option 'Use Git and optional Unix tools from the Command Prompt' and 'Use the OpenSSL library'. After installing, open Windows cmd or Git bash run below command to check if it is installed ok. OpenSSL has a variety of commands that can be used to operate on private key files, some of which are specific to RSA (e.g. Openssl rsa and openssl genrsa) or which have other limitations. Here we always use openssl pkey, openssl genpkey, and openssl pkcs8, regardless of the type of key. The first section describes how to generate private keys.

Package Details: bash-snippets-git 1.23.0.r15.g97a1c0d-1

Package Actions

Git bash free download
  • View PKGBUILD / View Changes
Git Clone URL: (read-only, click to copy)
Package Base: bash-snippets-git
Description: A collection of small bash scripts for heavy terminal users
Upstream URL:
Licenses: MIT
Conflicts: bash-snippets
Provides: bash-snippets
Submitter: miller.jona
Maintainer: miller.jona
Last Packager: miller.jona
Votes: 1
Popularity: 0.30
First Submitted: 2020-10-21 22:27
Last Updated: 2020-10-22 14:26

How To Open Git Bash

Dependencies (6)

Git Bash Tutorial

  • bash(bash-devel-git, bash-devel-static-git)
  • bc(bc-gh)
  • curl(curl-git, curl-minimal-git)
  • git(git-git)
  • openssl(libressl-git, openssl-purify, openssl-zlib, openssl-git, openssl-weak-ciphers, openssl-hardened, openssl-static)
  • git(git-git)(make)

Sources (1)

This post is more about me needing this again in the future because I keep on forgetting this from time to time. I was recently trying to convert certificates from PEM format to PFX format so that they could be uploaded to the Azure Web Apps. I have the Git Bash Command running which by default has the OpenSSL package so I don't have to install it separately.

From what I know, when you purchase a certificate from a Certificate Authority (CA), they provide you with multiple certificates including intermediate certificates. You would have to combine all the certificates along with the intermediate certificate to obtain the required certificate. Some providers are also kind enough to include this already in PEM file. This file contains the certificates in the proper order and includes the intermediate certificates as well.

The command to convert the PEM certificate file to PFX is as below -

After typing the command, the screen will just sit and stare you with no option and no output -


The only option now is to kill the command prompt and reopen it.

This issue arises because in the difference how input is passed to the OpenSSL command by Git Bash console. The fix to this issue is adding the word winpty before the entire command. Doing this will make the prompt enter your password, confirm the password again and once done, you will notice that a PFX file has been generated.
So, the command becomes -

Git Bash Openssl

You might be wondering what WinPTY is and as per this SO thread,

winpty is A Windows software package providing an interface similar to a Unix pty-master for communicating with Windows console programs.
That is why you need it as described here:

Git Bash Openssl Hangs

The software works by starting the winpty-agent.exe process with a new, hidden console window, which bridges between the console API and terminal input/output escape codes. It polls the hidden console's screen buffer for changes and generates a corresponding stream of output.