How to generate Public Key (PFX)

If your server/device requires a different certificate format other than Base64 encoded X.509, a third party tool such as OpenSSL can be used to convert the certificate into the appropriate format.
PFX is a container used for MS Windows-based OS that stores your private key, certificate, intermediate certificate and root ceritifcate in one single file.

Type PEM P7B (PKCS#7) PFX (P12/PKCS#12) DER
Platforms Apache and similar MS Windows / Java Tomcat MS Windows machines Java platforms
Private key Can be included Not included Can be included Not included

Archive downloaded from SSL Panel does not include PFX due to security reasons (we do not store private keys, only show during CSR generation and sent to owner email) but you can generate PFX by yourself. Be sure OpenSSL tool is presented on your system.


1. Copy and paste private key (find an email in you inbox with subject: "Your generated CSR and keys for domain ..." and sender: "") to text editor and save it as a file named 'private.key'.

2. Extract P7B from certificate archive (stores certificate, intermediate certificate and root certificate), rename to p7b.p7b and put in the same folder where 'private.key' file is located


3. Recode P7B into PEM format using openssl command:

openssl pkcs7 -print_certs -in p7b.p7b -out certificate.pem

New file 'certificate.pem' should appear in the folder

4. Generate PFX with command:

openssl pkcs12 -export -in certificate.pem -inkey private.key -out mycert.pfx

where 'mycert.pfx' - required name of our new PFX

5. Input and confirm password (use strong password because of PFX besides certificate, intermediate certificate and root certificates also stores your private key). You can generate strong password with e.g. command:

openssl rand -base64 32

Unauthorised access to PFX can cause certificate compromise.

6. 'mycert.pfx' will appear in folder. Well done!

The PFX was successfully generated and could be used for further operations.


Was this article helpful?
Additional questions? Submit a request