[Q] Import private key

Hello community,

I am new to OFTP2 and certificates, so I am sorry if I have some errors in basics.

I have these Key files: OurCompany.csr, OurCompany-private-key.epk and OurCompany-public-key.p1.
I have these certificate: RootCertificate.pem, IssuingCACertificate.pem and OurCompanyCertificate.pem.

I now want to import our private key to with all of our certifikates to Mendelson OFTP2. Certificates import succesfully via "Certificates (TLS)/Import certificate" function, but if I want to import our private keys via "Certificates (TLS)/Import/Import your own private key (from PEM)" I don't know what I should put into "Import key file (PEM)" and "Import certificate file".

Solution steps:
Start Mendelsong OFTP2 as admin

  • Import key file (PEM) = OurCompany-private-key.epk
  • Keypassword for importing key = [Our password for the private key]
  • Import certificate file = OurCompanyCertificate.pem
  • New alias use = edi.OurCompany.de

Where is my error? Do I misunderstand something or do I have to import the key somewhere else before?

Thanks and with best regards,



Profile picture for user service


does not give a detailled error message, you are right. Please try open_ssl executing

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key.pem -in certificate.crt.pem

This converts your PEM files to a pkcs#12 keystore with a keypair in it.
Perhaps this gives more information about your files. And if it works you could import the key from the resulting pkcs#12 keystore into the mendelson software.


Hello Service,

great that worked. Thank you very much and have a wonderful day.

Best regards,

Does not work. I have the epk file from the Windows-tool (binary file!) and die ODETTE Certificate (PEM, Textfile)
oftp2 allows to import private keys as PEM (I don't have the key in .PEM version, only the binary epk file)
oftp2 allows to import private key as PKCS#12 file, don't have this one either
and Java Keystore is another option, no idea how to generate that.

openssl pkcs12 -export -out certificate.pfx -inkey priv.epk -in ODETTE15341.CER

fails because (so I think) it expects the key in PEM form (ascii) but I only have .epk

Please elaborate all steps to get from the ODETTE -WindowsTool generating an epk file + the signed ODETT Certificate to a file able to be imported into OFTP2.
Ans please include all intermediate openssl steps !

Profile picture for user service


I think you need to find out more about this "epk file". This is just a file name but what does it contain? A keystore? A single key, a certificate? Which format?

As long as you don't know this it might be hard to work with it and/or to import it somewhere.


File attachments