Pem From P12

  1. Pem File From P12
  2. Openssl Convert P12 To Pem
  3. Create P12 From Pem
  4. Get Pem From P12
  5. Pem P12 Pfx
  6. Extract Pem From P12 On Windows

For the SSL certificate, Java doesn’t understand PEM format, and it supports JKS or PKCS#12. This article shows you how to use OpenSSL to convert the existing pem file and its private key into a single PKCS#12 or.p12 file.

  1. Openssl pkcs12 -in path.p12 -out newfile.pem -nodes Or, if you want to provide a password for the private key, omit -nodes and input a password: openssl pkcs12 -in path.p12 -out newfile.pem.
  2. Convert the certificate from PEM to PKCS12, using the following command: openssl pkcs12 -export -out eneCert.pkcs12 -in eneCert.pem You may ignore the warning message this command issues. Enter and repeat the export password.

How to convert a PEM certificate to PFX or P12 format.

The PFX or PKCS12 format is a binary format that stores a server certificate, any intermediate certificates, along with the private key into a single encrypted file. PFX files typically have the .pfx and .p12 extensions. PFX files are typically used on Windows machines and macOS machines to import and export certificates and private keys. Tomcat currently operates only on JKS, PKCS11 or PKCS12 format keystores. The JKS format is Java’s standard “Java KeyStore” format, and is the format created by the keytool command-line utility. The PKCS12 format is an internet standard, and can be created with OpenSSL.

What you’ll need:

  • You will need the private key that was used to create the public key and certificate.
  • You will need the certificate in PEM format, typically with file extension of .crt, .pem or .cer.
  • You will need Openssl.

Lets take a look at the Openssl command you would use to convert the PEM cert to PFX:

Lets break down the different parts of the command to see what they do:

openssl – This starts the openssl software.

pkcs12 – This tells openssl to use PKCS#12 Data Management.

-export -out certificate.pfx – This tells openssl to export out a PFX file named certificate.pfx.

-inkey privateKey.key – This tells openssl to import the private key from a file named privateKey.key.

-in certificate.crt – This tells openssl to import the certificate from a file named certificate.crt.

-certfile chain.crt – This tells openssl to include any additional certificates contained in chain.crt you want to include in the PFX file. Typically this would be any Intermediate Certs that chain your cert to a root cert.

After you enter this command you will be prompted for a password that protects the PFX file. Without the password the PFX file is useless so do not forget it.


The end result of this command will be that you have a new file named certificate.pfx which contains your Private Key, the Certificate and any Intermediate certs you added as well, all wrapped into a binary format and protected by a password.

Table of contents

While building a mobile app with SimiCart, many customers encounter difficulties in creating a PEM file for iOS push notifications. So in this post, we will guide you how to create a PEM file.

What is a .PEM File?

PEM format which stands for Privacy Enhanced Mail is a Base64 encoded DER certificate. PEM certificates are frequently used for web servers as they can easily be translated into readable data using a simple text editor. According to Wikipedia, PEM data is commonly stored in files with a “.pem” suffix, a “.cer” or “.crt” suffix (for certificates), or a “.key” suffix (for public or private keys). The label inside a PEM file represents the type of the data more accurately than the file suffix, since many different types of data can be saved in a “.pem” file.

iOS app allows you to push notifications to all of your mobile users. There are three things a push notification can do:

  • Display a short text message
  • Play a brief sound
  • Set a number in a badge on the app’s icon

PEM file is used to setup Apple Push Notification. In this tutorial, you will be guided to generate a PEM file.

Here’s Detailed Guide to Create a .PEM File

Basically, to get a PEM file, you need to generate 3 following files:

Pem File From P12

  1. Certificate Signing Request (CSR file)
  2. SSL certificate (aps_ distribution.cer)
  3. Private key as a .p12 file

Step 1: Generate the Certificate Signing Request (CSR)

Whenever you apply for a digital certificate, you need to provide a Certificate Signing Request or CSR for short.

When you create the CSR, a new private key is made that is put into your keychain. You then send the CSR to a certificate authority (in this case that is the iOS Developer Portal), which will generate the SSL certificate for you based on the information in the CSR.

P12 from pem

Go to Applications / Utilities / Keychain Access / Certificate Assistant on your Mac and choose the menu option Request a Certificate from a Certificate Authority

If you do not have this menu option or it says “Request a Certificate from a Certificate Authority with key”, then download and install the WWDR Intermediate Certificate first. Also make sure no private key is selected in the main Keychain Access window.

You should now see the following window:

  • User email address: enter your email address here. It can be either same email address used to sign up for the iOS Developer Program or any email address.
  • Common Name: enter anything you want but it should be something descriptive. For example “app_pushnotification”
  • Make sure Saved to disk is checked and click Continue. Save this file as “app_pushnotification.certSigningRequest”.

Step 2: Generate the App ID and SSL Certificate

Go to and login to your Apple Developer Account.

Select Certificates, Identifiers, Profiles.

Select tab Production, then Click (+) Add to add a new Certificate.

Openssl Convert P12 To Pem

On Select Type page, select Apple Push Notification service SSL (Sanbox & Production). Then click Continue.

On this page, select the App ID you want to PUSH notification. Then click Continue.


Click Continue.

Upload the app_pushnotification.certSigningRequest file you have just created in Step 1. Then, click “Continue” and download .cer file.

Create P12 From Pem

Step 3. Create .p12 file

Double click on the file you have just downloaded, change file’s name to app_pushnotification.cer, move this file to your Desktop and open “Keychain Access”.

Now find “app_pushnotification” and “Apple Push Services:<your App ID>” and export these 2 items.

Name and save the .p12 file to a folder.

Then, there will be a popup shown asking for password. Set your own password.

Click OK. Tada! You’ve created PushChatKey.p12 file from aps_distribution.cer file.

So now you got three files:

  1. The CSR
  2. The private key as a p12 file (app_pushnotification.p12)
  3. The SSL certificate, app_pushnotification.cer

Let’s move to the last step.

Step 4. Generate PEM file

Store these three files in a safe place. Then you have to convert the SSL certificate and private key into a format that is more usable. Because the push part of our server will be written in PHP, you will combine the certificate and the private key into a single file that uses the PEM format.

You’re going to use the command-line OpenSSL tools for this. Open a Terminal and execute the following steps.

Go to the folder where you downloaded the files, in this case is the Desktop:

Convert the .cer file into a .pem file:

Convert the private key’s .p12 file into a .pem file:

Get Pem From P12

Finally, combine the certificate and key into a single .pem file:

The file app_pushnotification_end.pem is the one you need, which can be then used to set up push notification feature on your iOS application.

Hope this helps!

Further Reading:

How to Intergrate Push Notifications into Your PWAs using Firebase

Is it helpful?

Let us know if you liked the post. That’s the only way we can improve.MikeI'm an introvert who loves to figure out how things work and share it with people. Working in 2 biggest trend - mobile and e-commerce - really helps satisfy my curiosity.

Related Posts

5 Things You Don’t Know About Benefits of Mobile Apps

Pem P12 Pfx

How to Integrate Push Notifications into Your PWA

Extract Pem From P12 On Windows

Understand the Key Phases of Mobile App Development Process