Create a PFX file using openssl in Linux

PKCS#12 files can be imported and exported by a number of applications, including Microsoft IIS. They are often associated with the file extension .pfx.

To create a PKCS#12 certificate, you’ll need a private key and a certificate. During the conversion process, you’ll be given an opportunity to put an “Export Password” (which can be empty, if you choose) on the certificate.

# create a file containing key and self-signed certificate



openssl req \

-x509 -nodes -days 365 \

-newkey rsa:1024 -keyout mycert.pem -out mycert.pem

# export mycert.pem as PKCS#12 file, mycert.pfx

openssl pkcs12 -export \

-out mycert.pfx -in mycert.pem \

-name “My Certificate”



If someone sends you a PKCS#12 and any passwords needed to work with it, you can export it into standard PEM format.



# export certificate and passphrase-less key

openssl pkcs12 -in mycert.pfx -out mycert.pem -nodes

# same as above, but you’ll be prompted for a passphrase for

# the private key

openssl pkcs12 -in mycert.pfx -out mycert.pem