Sometimes, you have a certificate in PEM format as a CRT file (also called a CER file) with a key file (also called a PEM file), and you need to combine and convert them into a PFX certificate.
In this post, I will show you step-by-step how to convert a PEM certificate into a PFX file.
Prerequisites
- OpenSSL binary installed. You can find the OpenSSL binaries on the OpenSSL wiki.
- Private key file
- SSL Certificate
The Process
- Place everything in a working directory.
I will be using C:\SSL as my working directory.
- Open the command line. You can use Linux or Windows. The commands are all the same regardless of which OS you are using.
I will be using Microsoft Windows with Windows Terminal and PowerShell.
To convert the certificate using OpenSSL, we will need to use a few options to create our command.
- The options we will use are
pkcs12to tell OpenSSL that we will be working with a PKCS#12 file. PKCS#12 is another name for a PFX file.inkeyto tell OpenSSL which private key to use.into tell OpenSSL which certificate file to use.exportto tell OpenSSL we want to export a PKCS#12 file.outto tell OpenSSL where to save the converted certificate.
- Run the following command to convert the certificate into a PFX file. Replace PATH_TO_KEY and PATH_TO_CERT with the location of your certificate and private key, and replace PATH_TO_PFX with where you want the PFX file saved.
openssl pkcs12 -inkey PATH_TO_KEY -in PATH_TO_CERT -export -out PATH_TO_PFX
In my example, I have a private key named private.key, and my certificate file is named star_thedxt_ca.crt. I also want to create a PFX file named wild_thedxt_ca.pfx. The command for me will look like openssl pkcs12 -inkey private.key -in star_thedxt_ca.crt -export -out wild_thedxt_ca.pfx
- Enter the password for the private key.
- Create a password for the PFX file.
That’s it. You have now combined and converted the private key and the PEM certificate into a PFX certificate.
