In Cryptography, PKCS #12 (PFX) is an archive file format used to store numerous cryptographic items within the same file. PKCS #12 is a member of the ‘Public-Key Cryptography Standards’ family and is most commonly used to bundle together a private key with its counterpart SSL and Intermediate Certificates. This is otherwise known as binding the members of a chain of trust.
Filename extensions for PKCS #12 include ‘.p12’ or ’.pfx’. Although the terms PKCS #12 and PFX are commonly used interchangeably, PFCS #12 is in the fact the successor to PFX. There are several servers that either prefer or require the certificate(s) to be in PFX in order to install them successfully. If this is the case then you will need to convert your PEM Certificates into a PFX File using the conversion tool on the Trustico® website.
PFX Conversion Instructions.
Firstly you will need to have access to your;
- SSL Certificate.
- Intermediate (CA) Certificate.
- Private Key.
If you had your CSR generated automatically during the certificate ordering process, the private key along with the two certificates will be available within the ‘Order Tracking‘ section on the Trustico® website.
To access the order tracking section you will need your order number and memorable date.
**Remember to make sure that you are on the correct website that aligns with where you purchased the certificate from. If you purchased from the U.S website, you will not be able to login to that order on the Australian website and so on.
Once you have logged in, scroll down the page to find the following certificates.
If the private key section contains the following message;
“NOTICE : This Private Key was only shown for 14 days after fulfillment. For security reasons the Private Key can no longer be viewed, please contact us for more information.”
If the private key section is blank, Trustico® does not have a copy of your private key. If your CSR was generated automatically during the certificate ordering process than we will have a copy of your private key. Alternatively if it has been generated externally, we will not have a copy as the private key and CSR are generated together at the same time. See below for more information.
Once you have the three required Certificates, You will need to open the PFX Converter.
Simply copy and paste the three key/certificates from the order tracking section directly into the PFX converter. Create a password and press the ‘download zip’ button.
If successful the download will begin. Once downloaded you will need to unzip.
If your key is not within the tracking section.
There are two instances where Trustico® will not have your private key;
1. The CSR was generated on your server. If this is the case you have 2 options;
- Stop trying to convert and install the certificate as a PFX. Instead convert to a p7b as it requires only the SSL and Intermediate and is suggested for those who have generated their CSR on a server.
- Locate the Private Key on your server.
2. The CSR was generated using an external CSR Generator such as the one on the Trustico® website. If this is the case, there should be a copy of the private key in the same location you downloaded the CSR as they are downloaded together within the one .zip file.
If you have lost your private key or as another alternative.., you may re generate the CSR and Private Key. Use Issuance Insurance to reissue the certificate and then start the process again as you will then have all the necessary key/certificates.