PKCS#12 Format (.pfx/.p12)
The PKCS#12 format, also known as PFX or P12, is a binary format used to store cryptographic objects^[600-developer__tools__security__security-file-extension-name.md]. It is designed to store the server certificate, intermediate certificates, and the private key in a single, encryptable file^[600-developer__tools__security__security-file-extension-name.md].
File Extensions
Files in this format typically use the extensions .pfx or .p12^[600-developer__tools__security__security-file-extension-name.md]. The .pfx extension is particularly common as the standard format for certificates generated by Windows tools, such as those created by dotnet dev-certs https^[600-developer__tools__security__security-file-extension-name.md].
Usage
PKCS#12 is primarily used for importing and exporting certificates and private keys on Windows machines^[600-developer__tools__security__security-file-extension-name.md]. Because it bundles all necessary components (certificate chain and private key) into one file, it simplifies the process of transferring security credentials.
Conversion and Generation
Generating a .pfx file
To create a PKCS#12 file, a private key and a certificate are typically combined^[600-developer__tools__security__security-file-extension-name.md]. For example, the following openssl command combines server.crt and server.key into server.pfx:
```bash
openssl pkcs12 -export -in server.crt -inkey server.key -out server.pfx
```
Since the resulting file contains the private key, it requires a password for protection during the export process^[600-developer__tools__security__security-file-extension-name.md].
Converting to PEM
While Linux environments often use the PEM format, PKCS#12 files can be converted to it^[600-developer__tools__security__security-file-extension-name.md]. To extract only the public key/certificate portion to a PEM-encoded .crt file, leaving the private key out of the output, the following command can be used:
```bash
openssl pkcs12 -in localhost.pfx -out localhost.crt -nokeys -nodes
```
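The export and extraction steps from the two subsections above, combined into one round-trip check (an added example, not from the original page). The function name `pfx_roundtrip`, the passwords and the `/CN=localhost` test certificate are constructed for illustration; passwords are passed with `env:` so they stay out of the process argument list.

```bash
#!/usr/bin/env bash
# Bundle a throwaway key and certificate into a PKCS#12 file, extract the
# certificate again, and confirm the bundle is password-protected and that
# the certificate-only export carries no private key.
pfx_roundtrip() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    cd "$tmp" || exit 1
    umask 077   # files holding key material are created owner-only

    # Constructed sample passwords, read by openssl from the environment.
    export PFX_PASS='constructed-sample-password'
    export PFX_WRONG='not-the-password'

    # Throwaway self-signed certificate and unencrypted key (test material).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout server.key -out server.crt 2>/dev/null || exit 1

    # Same export as on the page, with the password supplied non-interactively.
    openssl pkcs12 -export -in server.crt -inkey server.key \
        -out server.pfx -passout env:PFX_PASS || exit 1

    # A wrong password must be rejected when the bundle is opened.
    if openssl pkcs12 -in server.pfx -nokeys -passin env:PFX_WRONG \
        -out /dev/null 2>/dev/null; then
        echo "FAIL: wrong password accepted"; exit 1
    fi

    # Certificate-only extraction to PEM.
    openssl pkcs12 -in server.pfx -nokeys -passin env:PFX_PASS \
        -out extracted.crt 2>/dev/null || exit 1

    # The extracted file must not contain any private key block.
    if grep -q 'PRIVATE KEY' extracted.crt; then
        echo "FAIL: private key present in certificate export"; exit 1
    fi

    # The extracted certificate must be the one that went in.
    a=$(openssl x509 -in server.crt -noout -fingerprint -sha256) || exit 1
    b=$(openssl x509 -in extracted.crt -noout -fingerprint -sha256) || exit 1
    [ "$a" = "$b" ] || { echo "FAIL: fingerprint mismatch"; exit 1; }
    echo "OK"
)

pfx_roundtrip
```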
Related Concepts
- [[PEM Format]]
- [[PKCS#7 Format]]
- SSL/TLS Certificates
Sources
- 600-developer__tools__security__security-file-extension-name.md