If your server/device requires a different certificate format other than Base64 encoded X.509, a third party tool such as OpenSSL can be used to convert the certificate into the appropriate format.
PFX is a container used for MS Windows-based OS that stores your private key, certificate, intermediate certificate and root ceritifcate in one single file.
|Type||PEM||P7B (PKCS#7)||PFX (P12/PKCS#12)||DER|
|Platforms||Apache and similar||MS Windows / Java Tomcat||MS Windows machines||Java platforms|
|Private key||Can be included||Not included||Can be included||Not included|
Archive downloaded from SSL Panel does not include PFX due to security reasons (we do not store private keys, only show during CSR generation and sent to owner email) but you can generate PFX by yourself. Be sure OpenSSL tool is presented on your system.
1. Copy and paste private key (find an email in you inbox with subject: "Your generated CSR and keys for domain ..." and sender: "email@example.com") to text editor and save it as a file named 'private.key'.
2. Extract P7B from certificate archive (stores certificate, intermediate certificate and root certificate), rename to p7b.p7b and put in the same folder where 'private.key' file is located
3. Recode P7B into PEM format using openssl command:
openssl pkcs7 -print_certs -in p7b.p7b -out certificate.pem
New file 'certificate.pem' should appear in the folder
4. Generate PFX with command:
openssl pkcs12 -export -in certificate.pem -inkey private.key -out mycert.pfx
where 'mycert.pfx' - required name of our new PFX
5. Input and confirm password (use strong password because of PFX besides certificate, intermediate certificate and root certificates also stores your private key). You can generate strong password with e.g. command:
openssl rand -base64 32
Unauthorised access to PFX can cause certificate compromise.
6. 'mycert.pfx' will appear in folder. Well done!
The PFX was successfully generated and could be used for further operations.