Generating a PKCS#12 file
The PKCS#12 file is a type of certificate file that can be installed in the Windows™ Certificate Store. Create a PKCS#12 file if you want to use this as your private key for the System Vault.
Before you begin
- See Generating self-signed certificates before proceeding.
- You need OpenSSL installed. See Generating a private and public key pair for more information.
Procedure
You have to use the previously generated certificate to generate a PKCS#12 file.
-
Open the OpenSSL command prompt and type
openssl
to start the application. -
Type the following command:
pkcs12 -export -in C:\path\to\certificatename.crt -inkey C:\path\to\keyname.key -out C:\path\to\newpkcs12.pfx
Where
C:\path\to\certificatename.crt
is the path to the certificate file,C:\path\to\keyname.key
is the path to the private key file, andC:\path\to\newpkcs12.pfx
is the path to the PKCS#12 file that you want to create. -
Optional: If there is a
.bundle
file:pkcs12 -export -in certificatename.crt -inkey keyname.key -certfile bundlefile.bundle -out newpkcs12.pfx
Notes:
- Both commands require the pass phrase to unlock the
keyname.key
file, and a new password to protect the PKCS#12 file. - You must create the folders of the required paths if they do not exist.
What to do next
After generating a PKCS#12 file, you can install it in the Certificate Store and configure the System Vault to use it. See the following links for more information: