ZeroSSL by default supplies certificates in PEM format. To convert your certificate to PKCS12 please follow these steps:

  1. Download your certificate from ZeroSSL and unzip it to a folder on your harddisk
  2. If you're using Windows, install OpenSSL and add it to your path. This guide might be helpful. MacOS has Openssl pre-installed, most Linux distributions as well.

  3. On MacOS and Linux, open a terminal (on Windows, open a command prompt) and change to the directory where you extracted the certificates to
  4. Run the following commands to generate the "certificate.p12" PKCS12 file:

On MacOS or Linux:

cat certificate.crt ca_bundle.crt > full_chain.crt
openssl pkcs12 -export -out certificate.p12 -inkey private.key -in full_chain.crt

(input any export password for future import use)

The export password (and import password later) should be inputted here


On Windows:
(copy the certificate files to C:\Program Files\OpenSSL-Win64\bin and run cmd as administrator at that folder path)

copy /b certificate.crt + ca_bundle.crt full_chain.crt
openssl pkcs12 -export -out certificate.p12 -inkey private.key -in full_chain.crt

(input any export password for future import use)

Convert to pfx file

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.txt -in full_chain.crt -certfile ca_bundle.crt

  • No labels