How to create a pfx certificate from a cer certificate

How to create a pfx certificate from a cer certificate

1.Different type of certificate

  • PEM Format

The most prevalent format in which Certificate Authorities issue certificates is PEM. The extensions of PEM certificates are usually.pem,.crt,.cer, and.key. They are ASCII files that have been Base64 encoded and contain the statements “——-BEGIN CERTIFICATE——-” and “——-END CERTIFICATE——-“. The PEM format can be used to store server certificates, intermediate certificates, and private keys.
PEM format certificates are used by Apache and other comparable servers. Although several PEM certificates, as well as the private key, can be placed one on top of the other in a single file, most platforms, such as Apache, want the certificates and private key to be kept separate.


  • DER Format


Instead to the ASCII PEM format, the DER format is merely a binary representation of a certificate. The only method to discern the difference between a DER.cer file and a PEM.cer file is to open it in a text editor and look for the BEGIN/END statements. It sometimes has a file extension of.der, but it typically has a file extension of.cer. The DER format can be used to encode any sort of certificate or private key. DER is most commonly associated with Java systems. Only the DER format can be converted via the SSL Converter. Please use the OpenSSL commands on this page to convert a private key to DER.


  • PKCS#7/P7B Format


The PKCS#7 or P7B format is commonly stored in Base64 ASCII and has the file extension.p7b or.p7c. “——-BEGIN PKCS7—–” and “——-END PKCS7—–” statements are included in P7B certificates. The private key is not included in a P7B file; it only contains certificates and chain certificates. P7B files are supported by a number of platforms, including Microsoft Windows and Java Tomcat..


  • PKCS#12/PFX Format


The PKCS#12 or PFX format is a binary file format for encrypting the server certificate, any intermediary certificates, and the private key. The extensions of PFX files are usually.pfx and.p12. PFX files are commonly used to import and export certificates and private keys on Windows PCs.

When converting a PFX file to PEM format, OpenSSL creates a single file that contains all of the certificates and the private key. Open the file in a text editor and copy each certificate and private key (including the BEGIN/END instructions) to a separate text file, saving them as certificate.cert, CACert.cert, and privateKey.key, respectively.

2.Before you begin

You must have:

  • The original private key that was used for the certificate
  • A PEM (.pem, .crt, .cer) file

About this task

Certificates are commonly issued as PFX files, with the extension .pfx or .p12. If you have a certificate in another format, you can convert it to PFX 


Here is how to do this on Windows without third-party tools:

 Import certificate to the certificate store. In Windows Explorer select “Install Certificate” in context menu.


Follow the wizard and accept default options “Local User” and “Automatically”.

Find your certificate in the certificate store. On Windows 10 run the “Manage User Certificates” MMC. On Windows 2013 the MMC is called “Certificates”. On Windows 10 by default your certificate should be under “Personal”->”Certificates” node.

Export Certificate. In context menu select “Export…” menu:

 Select “Yes, export the private key”:

 You will see that .PFX option is enabled in this case:

Specify password for private key.

  • For Linux
  1. Open a terminal window.
  2. Run the command for the conversion you want to perform:
    Ps:  make sure to replace server with the name of your server.
openssl pkcs12 -inkey server_key.pem -in server_cert.cert -export -out server_pfx.pfx

Breaking down the command:

  • openssl : the command for executing OpenSSL
  • pkcs12 : the file utility for PKCS#12 files in OpenSSL
  • -inkey privateKey.pem : use the private key file privateKey.key as the private key to combine with the certificate.
  • -in server_cert.cert  : use certificate.cert as the certificate the private key will be combined with.
  • -export -out certificate.pfx : export and save the PFX file as certificate.pfx

See the articles on installing SSL certificates on Microsoft server, Plesk, Apache on the blog of your Oxabox web host.

  1. How to install an SSL certificate on Microsoft Internet Information Service (IIS)
  2. How to install an SSL certificate on Apache
  3. How to install an SSL certificate on Plesk

OXABOX also provides the installation of SSL certificates by our qualified experts. Do not hesitate to contact us.