What is the use of PFX? What you must ensure while using a PFX?

What is a PFX file?

PFX file is a single, password-protected certificate file that contains the complete certificate chain and the identical private key.

Uses of the .pfx file

-> The primary use of the .pfx file is to transfer or migrate the SSL Certificate from one server to another.

-> To separate a private key from the SSL Certificate. Many applications such as Nodejs need a Certificate key and private key separately in plain text format to install an SSL Certificate on it.

Essential points we must know while using the pfx file to issue the SSL Certificate.

-> You must store the password at a safe place while exporting the SSL Certificate from the Webserver (IIS)/application because it is required while installing the SSL Certificate on the website or application.

-> The pfx file must be in the .pfx format.

-> While creating a pfx file, the SSL Certificate and its corresponding private key must be on the same server.

How to extract a private key from a PFX file in Linux System?

To extract the private key from the PFX file in the Linux environment, you must execute the following command in the terminal.

$ openssl pkcs12 -in demovpstest.com.pfx -nocerts -out private.key -nodes

Once you fire it, you will get the following output. You need to copy text between and including —–BEGIN PRIVATE KEY—– and —–END PRIVATE KEY—– text.

How to export a private key from the SSL Certificate in Windows Server?

In the windows server, you can separate the private key from the SSL Certificate by creating a pfx file. Below are the to export the private key from the SSL Certificate.

Creating an MMC Snap-in to Manage Certificates

Step 1: Click on the Windows Start button and type run in the Search field.

Step 2: Type mmc in the Run window and click on the OK button.

Step 3: Click on File Menu and select the Add/Remove Snap-in option.

Step 4: In the Add/Remove Snap-in window, select Certificates from the Available Snap-ins menu on the left side of the screen and click on the Add button.

Step 5: Select a Computer account and click on the Next button.

Step 6: Select Local Computer and click on the Finish button.

Step 7: Click the OK button to return to the main console.

Exporting a Certificate:

To export a certificate, follow these instructions.

Step 1: Locate the Certificates folder on the left menu.

Step 2: Go to: Certificates > Personal > Certificates.

Step 3: Right-click on the certificate you want to export, go to All Tasks and click on the Export button.

Step 4: Click the Next button on the Certificate Export Wizard to begin the process.

Step 5: Select Yes, export the private key, and click the Next button.

Step 6: In the next step, choose Personal Information Exchanges - PKCS #12(.pfx) and check to Include all certificates in the certification path if possible, and click on the Next button.

Step 7: Set a password and click on Next.

Important Note: Please store the password in a safe place because it will be required when you import the SSL Certificate to another server.

Step 8: Choose a name for your .pfx file, where you want to export it, and click on the Next button.

Step 9: Click the Finish button to complete the Certificate Export process.

Was this answer helpful?

« Back