Published in Security
3 minutes read

Creating a .pfx File from Certificate and Private Key

A .pfx file (Personal Information Exchange) is a container format that holds both the public certificate and its associated private key. It is commonly used for securely storing and transferring certificates.


Before we proceed, make sure you have the following:

  • The certificate file in PEM or DER format (.cer, .crt, .pem, .der).
  • The private key file in PEM or DER format (.key, .pem, .der).

Steps to Create .pfx File

1. Convert the Certificate and Private Key to PEM Format (if needed)

If your certificate and private key are not already in PEM format, you may need to convert them. Many tools and platforms, including OpenSSL, work with PEM format.

To convert a certificate from DER to PEM:

openssl x509 -inform der -in certificate.der -out certificate.pem

To convert a private key from DER to PEM:

openssl rsa -inform der -in privatekey.der -out privatekey.pem

2. Combine the Certificate and Private Key into a .pfx File

Now that you have both the certificate and private key in PEM format, you can combine them into a .pfx file using the following OpenSSL command:

openssl pkcs12 -export -out certificate.pfx -inkey privatekey.pem -in certificate.pem

During this process, OpenSSL will prompt you to set a password for the .pfx file. Remember this password, as you will need it when using the .pfx file for various purposes.

3. Validate the .pfx File

To ensure that the .pfx file contains both the certificate and private key, you can view the contents of the .pfx file using the following command:

openssl pkcs12 -info -in certificate.pfx

Enter the password you set in the previous step, and OpenSSL will display information about the certificate, private key, and other relevant details.

0 Comment