Convert PEM certificate.cer and private.key to PKCS#12 (.pfx .p12)

Issue: You need to create a composite .pfx certificate file package.
Background and pre-requisites: The first steps in your journey should have been to create a certificate request, submit this request to a certificate authority (CA) like GoDaddy or Comodo, and finally download the completed certificate from the CA.

The following steps assume you have successfully downloaded a certificate package from your certificate authority.

The following example command shows what to do with all the files you currently have at your disposal and how to place them in an openssl command to generate the .pfx file.

Example command: openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

What are all the files:
.pfx
is the cert type that will be output, this will contain both the public and private keys, a complete all-in-one certificate package that can be imported into many web servers and devices.

the .key file is the private key, this file you will supply to the command.  The .key file should have come from your certificate request generation process (for example you may be generating the certificate request from an appliance like a Cisco IronPort ESA or a Citrix Netscaler, etc)

Your domain specific .crt file comes from your certificate authority, after submitting your certificate request you should have received a .crt file back.

You should have also received an additional .crt file which is the intermediate certificate bundle from your certificate authority (like GoDaddy or Comodo)

Command I used:
In the following example I was converting an SSL certificate for use on a Cisco IronPort ESA:
openssl pkcs12 -export -out ironportcert.pfx -inkey ironport_domain_com.key –in ironport.enterpriseit.co.crt -certfile gd_bundle.crt

At this point you should have a .pfx file which an be imported into various appliances and web servers.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.