In this guide we take a look at how to create a PFX file. If you need just the opposite, extracting the private and public keys from a PFX file, follow the tutorial here.
Building a PFX file will require three components:
- The private key
- The public key
- And the chain file with the intermediate and CA certificates
When generating the SSL certificate, we get the private key, which stays with us. The public key is sent to the CA for signing, after which the signed, full public key is returned in a Base64-encoded format together with the CA's root certificate or certificate chain. With those in hand, we'll use OpenSSL to create a PFX file that contains all three.
1. Locate the private key, public key and CA certificates
In our example we use a Debian machine with the Let's Encrypt certbot deployed. We have a wildcard certificate for alwayshotcafe.com acquired by the certbot, so we know that the three cert files we need (privkey.pem, cert.pem and chain.pem) are located in /etc/letsencrypt/live/alwayshotcafe.com
2. Export PFX
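# Run from /etc/letsencrypt/live/alwayshotcafe.com
# Export PFX into /tmp/wildcard.pfx
openssl pkcs12 -export -out /tmp/wildcard.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
OpenSSL prompts for an export password, which protects the contents of the PFX file. The exported wildcard.pfx is stored in the /tmp directory.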
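As an added example (not part of the original guide), the script below checks that privkey.pem and cert.pem belong together before exporting, writes the PFX with owner-only permissions, and reads the export password from an assumed environment variable PFX_PASS instead of the command line. The function names and the throwaway CA it generates as sample input are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: verify the key/cert pair, then build and inspect the PFX.
# File names follow certbot's layout (privkey.pem, cert.pem, chain.pem).

# Succeeds only if the private key and the certificate share one public key.
key_matches_cert() {  # usage: key_matches_cert <key.pem> <cert.pem>
  local from_key from_cert
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ "$from_key" = "$from_cert" ]
}

# Builds the PFX; the export password is read from $PFX_PASS (assumed name).
build_pfx() {  # usage: build_pfx <cert-dir> <out.pfx>
  local dir="$1" out="$2"
  key_matches_cert "$dir/privkey.pem" "$dir/cert.pem" || {
    echo "private key does not match cert.pem" >&2; return 1; }
  ( umask 077   # the PFX holds the private key: owner-only permissions
    openssl pkcs12 -export -out "$out" -inkey "$dir/privkey.pem" \
      -in "$dir/cert.pem" -certfile "$dir/chain.pem" -passout env:PFX_PASS )
}

# Prints how many certificates the PFX contains (leaf plus chain).
pfx_cert_count() {  # usage: pfx_cert_count <file.pfx>
  openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Constructed sample input: a throwaway CA and leaf certificate in a temp dir.
make_demo_dir() {
  local d; d=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
    -out "$d/chain.pem" -subj "/CN=Constructed Test CA" -days 1 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -keyout "$d/privkey.pem" \
    -out "$d/leaf.csr" -subj "/CN=pfx-demo.invalid" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/chain.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/cert.pem" -days 1 2>/dev/null
  echo "$d"
}

export PFX_PASS='constructed-demo-password'
demo=$(make_demo_dir)
build_pfx "$demo" "$demo/wildcard.pfx" &&
  echo "certificates in PFX: $(pfx_cert_count "$demo/wildcard.pfx")"
rm -rf "$demo"
```

Against the real files, call `build_pfx /etc/letsencrypt/live/alwayshotcafe.com /tmp/wildcard.pfx` with PFX_PASS set; because /tmp is shared between users, the `umask 077` is what keeps the exported file readable by its owner only.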