What is the PFX or PKCS12 format?
PFX format is commonly used to bundle the private key with the associated certificate and all other certificates in the certificate chain.
Where can I download my certificate as PFX file?
It is mandatory that the PFX format contains the private key.
However, the private key is never transmitted to us or the Certificate Authority during the configuration process for security reasons.
How to convert the certificate to PFX?
Option 1: Convert with OpenSSL command-line (Linux, Mac)
You can convert the certificate using the free, open source software OpenSSL which is available for many platforms.
Download a pre-compiled binary for Windows here: https://wiki.openssl.org/index.php/Binaries
To convert your certificate to PFX, run the following command:
1 | openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt -certfile CACert.crt |
openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt -certfile CACert.crt
Placeholders:
certificate.pfx: new certificate (in PKCS12/PFX format)
private.key: private key file
certificate.crt: certificate file
CACert.crt: intermediate certificate file
Option 2: Convert with OpenSSL GUI (Windows)
You can also download the software tool YAOG which provides a graphical interface to OpenSSL from Github or our SSLPOINT Mirror.
To convert with this tool, please follow these steps:
1) Unzip the archive and start YetAnotherOpensslGui.exe 2) Input the certificate into the left field (Copy & Paste or “Load” button):
3) Input the Private Key into the right field (Copy & Paste or “Load” button):
4) Click the “save PKCS12” button:
5) Load all intermediate certificates for a valid certificate chain:
6) Input a strong password and save the certificate in PKCS12 / PFX format:
