If your server/device requires a different certificate format other than Base64 encoded X.509, a third party tool such as OpenSSL can be used to convert the certificate into the appropriate format.
PFX is a container used for MS Windows-based OS that stores your private key, certificate, intermediate certificate and root ceritifcate in one single file.
|Type||PEM||P7B (PKCS#7)||PFX (P12/PKCS#12)||DER|
|Platforms||Apache and similar||MS Windows / Java Tomcat||MS Windows machines||Java platforms|
|Private key||Can be included||Not included||Can be included||Not included|
Archive downloaded from SSL Panel does not include PFX during to security reasons (we do not store private key anywhere, only show during CSR generation and sent to owner email) but you can generate PFX by yourself. Be sure OpenSSL tool is presented on your system.
1. Copy-paste private key (find inbox email with subject: "Your generated CSR and keys for domain ..." and sender: "email@example.com") to text editor and save it as 'private.key'
2. Extract P7B from certificate archive (stores certificate, intermediate certificate and root certificate), rename to p7b.p7b and put in the same folder where 'private.key' located ;
3. Recode P7B into PEM format using openssl command:
'openssl pkcs7 -print_certs -in p7b.p7b -out certificate.pem'.
New file 'certificate.pem' will appear in folder
4. Generate PFX with command:
'openssl pkcs12 -export -in certificate.pem -inkey private.key -out mycert.pfx'
where 'mycert.pfx' - required name of our new PFX
5. Input and confirm password (use strong password because of PFX besides certificate, intermediate certificate and root certificates also stores your private key). You can generate strong password with e.g. command:
'openssl rand -base64 32' (32 - length).
Unauthorized access to PFX can cause certificate compromise ;
6. 'mycert.pfx' will appear in folder. Well done.
We generated PFX and it could be used for further operations