openssl pkcs12

How to create .pfx file from certificate and private key?

You will need to use openssl.

openssl pkcs12 -export -out -inkey -in

The key file is just a text file with your private key in it.

If you have a root CA and intermediate certs, then include them as well using multiple -in params

openssl pkcs12 -export -out -inkey -in -in intermediate.crt -in rootca.crt

You can install openssl from here: openssl

openssl pkcs12


The pkcs12 command allows PKCS#12 files (sometimes referred to as PFX files) to be created and parsed. PKCS#12 files are used by several programs including Netscape, MSIE and MS Outlook.


There are a lot of options the meaning of some depends of whether a PKCS#12 file is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 file can be created by using the -export option (see below).




This option specifies that a PKCS#12 file will be created rather than parsed.

-out filename

This specifies filename to write the PKCS#12 file to. Standard output is used by default.


-in filename

The filename to read certificates and private keys from, standard input by default.

They must all be in PEM format. The order doesn't matter but one private key and its corresponding certificate should be present. If additional certificates are present they will also be included in the PKCS#12 file.


-inkey file_or_id

File to read private key from. If not present then a private key must be present in the input file. If no engine is used, the argument is taken as a file; if an engine is specified, the argument is given to the engine as a key identifier.


posted @ 2021-09-08 11:19  ChuckLu  阅读(27)  评论(0编辑  收藏  举报