How to create a PFX file

What is a PFX file?

A PFX (Personal Exchange Format) file is a combination of an SSL Certificate, Intermediate CA Bundle, and Private Key. It is most often used when installing an SSL Certificate onto Windows and Tomcat environments. It is determined with the ‘.pfx’ file suffix.

Note if you created a Certificate Request on IIS: you will not be able to access your Private Key to create a PFX file. Instead you will need to create a P7B file and install it onto your server. IIS will automatically match the P7B file to your Private Key.

Using the Trustico® Tool to create a PFX file

What you will need:

Step 1: Trustico® Tools

Open the Trustico® Tools and make sure you are on the ‘SSL Certificate Converter’ page.

The landing page of the SSL Certificate Converter Tool.

Step 2: Upload the SSL Certificate

Click the ‘Choose File’ button under the ‘SSL Certificate To Convert’ option and select the relevant SSL/TLS Certificate (ensure it is in either .cer or .crt format). The tool will attempt to automatically detect the format and update the ‘Existing SSL Certificate Format’ accordingly; if you think this is wrong, simply manually select the format type using the dropdown menu.

A red arrow pointing to the 'Choose File' button when selecting your SSL Certificate.

Step 3: Choose the file format

Under the ‘New SSL Certificate Format’ option, use the dropdown menu to select ‘PFX/PKCS#12’. This will add some additional forms to fill above.

A red arrow pointing to the 'PFX' option when selecting your New SSL Certificate Format.

Step 4: Upload the Private Key

Click the ‘Choose File’ button under the ‘Private Key’ option and select your Private Key.

A red arrow pointing to the 'Choose File' button when selecting your Private Key.

Ensure the Private Key is in ‘.key’ format.
This can be done by copying the Private Key and pasting it into a program like Notepad, then selecting ‘File’ >> ‘Save as’. Name your file and navigate down to ‘Save as type’ and select ‘all’. Add ‘.key’ to the end of your file name and then save.

Setting the file type to 'all files' and adding the '.key' extension to the file name.

Step 5: Upload the Intermediate CA Bundle

Click the ‘Choose File’ button under the ‘Intermediate Certificate 1 (Optional)’ option and select your Intermediate CA Bundle (ensure it is in either .cer or .crt format). You can ignore ‘Intermediate Certificate 2 (Optional)’ since we are using a bundle.

A red arrow pointing to the 'Choose File' button when selecting your Intermediate CA Bundle.

Step 6: Add a password

Add a password (Optional). Trustico® recommends that you always create a password for every PFX file you create. This ensures the highest level of security for your SSL Certificate. Note: Trustico® does not save your password. It is up to you to make sure you remember it or keep it in a safe location.

A red arrow pointing to the 'PFX Password (Optional)' form when creating a pfx file.

Step 7: Convert and download the PFX file

Click the ‘Convert’ button. Your browser will download your PFX file inside a ZIP file. Now you can access your new PFX file and install it onto your server.

Updated on December 31, 2019

Was this article helpful?

Related Articles