What is a PFX file?
A PFX (Personal Exchange Format) file is a combination of an SSL Certificate, Intermediate CA Bundle, and Private Key. It is most often used when installing an SSL Certificate onto Windows and Tomcat environments. It is determined with the ‘.pfx’ file suffix.
Note if you created a Certificate Request on IIS: you will not be able to access your Private Key to create a PFX file. Instead you will need to create a P7B file and install it onto your server. IIS will automatically match the P7B file to your Private Key.
Using the Trustico® Tool to create a PFX file
What you will need:
- Your SSL Certificate in .cer or .crt format
- Your Intermediate CA Bundle in .cer or .crt format
- Your Private Key in .key format
Step 1: Trustico® Tools
Open the Trustico® Tools and make sure you are on the ‘SSL Certificate Converter’ page.
Step 2: Upload the SSL Certificate
Click the ‘Choose File’ button under the ‘SSL Certificate To Convert’ option and select the relevant SSL/TLS Certificate (ensure it is in either .cer or .crt format). The tool will attempt to automatically detect the format and update the ‘Existing SSL Certificate Format’ accordingly; if you think this is wrong, simply manually select the format type using the dropdown menu.
Step 3: Choose the file format
Under the ‘New SSL Certificate Format’ option, use the dropdown menu to select ‘PFX/PKCS#12’. This will add some additional forms to fill above.
Step 4: Upload the Private Key
Click the ‘Choose File’ button under the ‘Private Key’ option and select your Private Key.
Ensure the Private Key is in ‘.key’ format.
This can be done by copying the Private Key and pasting it into a program like Notepad, then selecting ‘File’ >> ‘Save as’. Name your file and navigate down to ‘Save as type’ and select ‘all’. Add ‘.key’ to the end of your file name and then save.
Step 5: Upload the Intermediate CA Bundle
Click the ‘Choose File’ button under the ‘Intermediate Certificate 1 (Optional)’ option and select your Intermediate CA Bundle (ensure it is in either .cer or .crt format). You can ignore ‘Intermediate Certificate 2 (Optional)’ since we are using a bundle.
Step 6: Add a password
Add a password (Optional). Trustico® recommends that you always create a password for every PFX file you create. This ensures the highest level of security for your SSL Certificate. Note: Trustico® does not save your password. It is up to you to make sure you remember it or keep it in a safe location.
Step 7: Convert and download the PFX file
Click the ‘Convert’ button. Your browser will download your PFX file inside a ZIP file. Now you can access your new PFX file and install it onto your server.