JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Create a pkcs12 (.pfx or .p12)
from OpenSSL files (.pem , .cer, .crt, ...)

You have a private key file in an openssl format and have received your SSL certificate. You'd like now to create a PKCS12 (or .pfx) to import your certificate in an other software?

Here is the procedure!

  • Find the private key file (xxx.key) (previously generated along with the CSR).
  • Download the .p7b file on your certificate status page ("See the certificate" button then "See the format in PKCS7 format" and click the link next to the diskette).
  • a) Convert this file into a text one (PEM):

    On Windows, the OpenSSL command must contain the complete path, for example:
    c:\openssl-win32\bin\openssl.exe ...)

    openssl pkcs7 -in p7-0123456789-1111.p7b -inform DER -out result.pem -print_certs
    
  • b) Now create the pkcs12 file that will contain your private key and the certification chain:
    openssl pkcs12 -export -inkey your_private_key.key  -in result.pem -name my_name -out final_result.pfx
    

    You will be asked to define an encryption password for the archive (it is mandatory to be able to import the file in IIS). You may also be asked for the private key password if there is one!

You can now use the file file final_result.p12 in any software that accepts pkcs12! For IIS, rename the file in .pfx, it will be easier.

Alternatively, if you want to generate a PKCS12 from a certificate file (cer/pem), a certificate chain (generally pem or txt), and your private key, you need to use the following command:

openssl pkcs12 -export  -inkey your_private_key.key -in your_certificate.cer -certfile your_chain.pem -out final_result.pfx

Linked Documentation: