Some services require a combined pfx
file to provide TLS to a client
The easiest way is to utilize openssl on the command line. Assuming you already have the .crt
and
.key
files, run the following command.
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
If you have a root CA and intermediate certs, then include them as well using multiple -in params
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt -in intermediate.crt -in rootca.crt
If you have a bundled crt file that you use, for example, with nginx, you can pass that in along with the cert all in one:
cat domain.name.crt | tee -a domain.name.bundled.crt
cat intermediate.crt | tee -a domain.name.bundled.crt
cat rootca.crt | tee -a domain.name.bundled.crt
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.bundled.crt