Create a PFX certificate file using OpenSSL

I usually work with Linux-based operating systems for web development. However, my company does run a couple of Microsoft Windows(R) servers for internal financial systems. When securing connections to Windows services, it is often useful to have certificates available in PFX format.

To convert a private key, certificate, and (optionally) any trusted chains; you will need the following:

  • The private key file.
  • A PEM containing the corresponding certificate.
  • Additional trust chains to be included (may also be included in the PEM in bullet 2).
  • OpenSSL (I tested this with the Mac OS X High Sierra – LibreSSL 2.2.7).

Place all of the files in your home directory and start a terminal session. Execute the following command, replacing the file names where appropriate for the files you have prepared:

openssl pkcs12 -export -out trevweb.pfx -inkey trevweb.key -in trevweb.crt -certfile trust-chain.crt

Assuming everything executed correctly, you should now have a ‘trevweb.pfx’ file located in your home directory ready to be imported easily by Windows services. A PFX, or I think more accurately a PKCS #12, file is a binary file format that may contain multiple certificate bundles.

Leave a Reply

Your email address will not be published. Required fields are marked *