Skip to main content

Convert Private Key and Public Key into a PFX certificate


Certificates in the CA Bundle MUST be in the following order.

  1. Intermediate CA Certificate - SectigoRSADomainValidationSecureServerCA.crt
  2. Intermediate CA Certificate - USERTrustRSAAAACA.crt
  3. Root CA Certificate - AAACertificateServices.crt

1. Create the Certificate Bundle

cat SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAAACA.crt AAACertificateServices.crt > ca-bundle.crt

2. Generate the PFX Certificate


You will be prompted to specify a passphrase for PFX certificate. Please make sure to remember it. When you are importing the PFX certificate, you must specify the passphrase.

openssl pkcs12 -export -out tls.pfx -inkey tls.key -in tls.crt -certfile ca-bundle.crt

3. References

  1. Create a Self-Signed Certificate for Nginx in 5 Minutes
  2. Establishing Trust to Your Cluster’s CA and Importing Certificates
  3. How to convert certificates into different formats using OpenSSL