Pem To P12 Online

Pem to p12 online calculatorPem To P12 Online
Last updated: 14 Dec, 2020
Copy
Copied
Last updated: 14 Dec, 2020
Views: 1662
Updated: 14 Dec, 2020
by Andrew Sharrad

How to Create a PFX Certificate File from a PEM File

Problem

Some certificate authorities (such as Let's Encrypt) only supply certificate in the form of a PEM file, which is not usable by many Windows services.

In the case of Let's Encrypt, the PEM file may not have been generated as a part of a certificate signing request.

How to Convert PEM to PFX

  • Install the latest stable Open SSL. The main page is here or you can find good Windows binaries here.
  • Copy the PEM file to the OpenSSL binary folder, such as C:Program FilesOpenSSL-Win64bin
  • Open an administrative command prompt or Powershell window to that folder
  • Type in:

.openssl pkcs12 -export -out result.pfx -inkey mypemfile.pem -in mypemfile.pem

  • You will be prompted for a PFX password as part of the process. You must securely store the password with the PFX file to be able to use it.
  • Above, the -inkey command is used to input the private key. If you have a separate certificate signing request (CSR) this would likely not be in the .PEM file, but would be in a separate .CRT file:

.openssl pkcs12 -export -out result.pfx -inkey mycsrkeyfile.crt -in mypemfile.cer

Also see here.

Applies to:

  • Windows Server services that require a PFX certificate that includes the private key
Last updated: 14 Dec, 2020
Updated: 14 Dec, 2020 by Andrew Sharrad

Pem To P12 OnlineCalculator

Create P12 From Pem

From PEM to PFX: openssl pkcs12 -export -out yourpfxcertificate.pfx -inkey yourprivate.key -in yourpemcertificate.crt -certfile CA-bundle.crt. You will be also prompted to specify the password for the PFX file. Make sure you remember the password, it will be used when you need to import the PFX to a new server. In practice PKCS12 files are always binary, although there's no technical reason they couldn't be PEM-encoded or otherwise made more human-friendly. How to generate CER, CRT or P12 from my 2 PEM files that I have? To get a certificate you need to either use a CA (either an established one or a DIY one you create) or create a selfsigned certificate. Go to Download and install version 1.0.1p. Run the following command format from the OpenSSL installation bin folder. Openssl pkcs12 -export -out Cert.p12 -in cert.pem -inkey key.pem -passin pass:root -passout pass:root.