How to generate Public Key (PFX)

If your server/device requires a different certificate format other than Base64 encoded X.509, a third party tool such as OpenSSL can be used to convert the certificate into the appropriate format.
PFX is a container used for MS Windows-based OS that stores your private key, certificate, intermediate certificate and root ceritifcate in one single file.

Type PEM P7B (PKCS#7) PFX (P12/PKCS#12) DER
Platforms Apache and similar MS Windows / Java Tomcat MS Windows machines Java platforms
Private key Can be included Not included Can be included Not included

Archive downloaded from SSL Panel does not include PFX due to security reasons (we do not store private keys, only show during CSR generation and sent to owner email) but you can generate PFX by yourself. Be sure OpenSSL tool is presented on your system.


1. Copy and paste the private key (find an email in your inbox with subject: "Your generated CSR and keys for domain ..." and sender: "") to the text editor and save it as a file named 'private.key'.

2. Extract P7B from the certificate archive (stores certificate, intermediate certificate, and root certificate), rename it to p7b.p7b, and put it in the same folder where the 'private.key' file is located.

Note: If you are using a Windows machine and can't find certificate files for Wildcard SSL orders in the folders using File Explorer, we recommend using 7-Zip to extract the zip archive.

3. Recode P7B into PEM format using OpenSSL command:

openssl pkcs7 -print_certs -in p7b.p7b -out certificate.pem

New file 'certificate.pem' should appear in the folder

4. Generate PFX with command:

openssl pkcs12 -export -in certificate.pem -inkey private.key -out mycert.pfx

where 'mycert.pfx' - required name of our new PFX

5. Input and confirm password (use strong password because of PFX besides certificate, intermediate certificate and root certificates also stores your private key). You can generate strong password with e.g. command:

openssl rand -base64 32

Unauthorised access to PFX can cause certificate compromise.

6. 'mycert.pfx' will appear in folder. Well done!

The PFX was successfully generated and could be used for further operations.


Was this article helpful?
Additional questions? Submit a request