
PKCS12 certificate conversion

PKCS#12 (also known as PFX) is a file format used to store cryptographic objects, such as private keys and public certificates, in a single encrypted file.^[free-domain.md] This format is commonly employed to facilitate the transport of security credentials or to configure SSL/TLS within server software.

File structure

A PKCS#12 file typically bundles three components together: the private key, the server certificate (certificate), and the intermediate certificate chain (ca_bundle).^[free-domain.md]

Conversion

To create a PKCS#12 file (.pfx or .p12) from separate PEM-encoded files, the openssl command-line tool is commonly used. The process involves reading the private key and the certificate files and including the chain certificate.

For example, the following command generates a tls.pfx file by exporting the private key (private.key) and the main certificate (certificate.crt), while also bundling the Certificate Authority bundle (ca_bundle.crt):^[free-domain.md]

openssl pkcs12 -export -out tls.pfx -inkey private.key -in certificate.crt -certfile ca_bundle.crt

The output file can then be used in applications like [[Tomcat]] by specifying the keystoreType as PKCS12 and pointing the configuration to the generated file.^[free-domain.md]
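Before pointing a server at the bundle, it is worth confirming that it holds both certificates and that the private key matches the server certificate. The script below is an added example, not taken from the source page: it runs the export command above on throwaway material and then inspects the result. The function name `build_and_verify_pfx`, the `PFX_PASS` variable, the test CA, the `example.test` subject and the password are all constructed assumptions.

```shell
# Added example: export a PKCS#12 bundle from constructed test material, then verify it.
build_and_verify_pfx() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        umask 077                      # private key and .pfx readable by owner only
        export PFX_PASS='constructed-test-password'   # placeholder, not a real secret

        # Constructed throwaway CA standing in for ca_bundle.crt
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed Test CA" \
            -keyout ca.key -out ca_bundle.crt 2>/dev/null || exit 1

        # Constructed server key and certificate signed by that CA
        openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
            -keyout private.key -out server.csr 2>/dev/null || exit 1
        openssl x509 -req -in server.csr -CA ca_bundle.crt -CAkey ca.key \
            -CAcreateserial -days 1 -out certificate.crt 2>/dev/null || exit 1

        # The export command from above; -passout env: keeps the password out of argv
        openssl pkcs12 -export -out tls.pfx -inkey private.key \
            -in certificate.crt -certfile ca_bundle.crt \
            -passout env:PFX_PASS || exit 1

        # Check 1: the bundle holds the server certificate plus the chain certificate
        certs=$(openssl pkcs12 -in tls.pfx -nokeys -passin env:PFX_PASS 2>/dev/null \
                | grep -c 'BEGIN CERTIFICATE')

        # Check 2: the bundled private key matches the server certificate's public key
        key_pub=$(openssl pkcs12 -in tls.pfx -nocerts -nodes -passin env:PFX_PASS \
                  2>/dev/null | openssl pkey -pubout 2>/dev/null)
        crt_pub=$(openssl x509 -in certificate.crt -noout -pubkey)
        [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] && match=yes || match=no

        echo "certs=$certs key_matches_cert=$match"
    )
    rc=$?
    rm -rf "$dir"                      # discard the throwaway keys and bundle
    return $rc
}
```

Without `-passout`, `openssl pkcs12 -export` prompts for the export password interactively; the same two checks can be run against a real `tls.pfx` by supplying its password through `-passin`.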

Sources

  • free-domain.md