How do I create a Pfx file

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: https://woap4:8443/coretex/html/newsway/#

It produced this output: (Not Secure) https://woap4/coretex/html/newsway/

My web server is (include version): Apache Tomcat 8.5.86

The operating system my web server runs on is (include version): WINDOW 2019

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

openssl pkcs12 -export -in cert.pem -inkey private_key.pem -out cert.pkx

What if I need a certificate signed by a trusted third party authority like Let's encrypt?

I think @orangepizza assumed that you already had a certificate in some other format (not PFX format) and wanted to "create a PFX file" by converting it.


So how do I get a pfx or pem file from Let’s Encrypt

I do not have any file from any CA

Hello @murugiah,

Using this online tool Open Port Check Tool - Test Port Forwarding on Your Router I see all your TCP Ports are Closed. That would leave only DNS-01 challenge of the Challenge Types - Let's Encrypt to obtain a certificate via ACME; are you using the DNS-01 challenge?


Start here:
Getting Started - Let's Encrypt (


This CA I am trying to obtain is for internal only using chrome. Chrome is throwing out errors.
I cannot go into production with this

https://woap4:8443/coretex/html/newsway/# - my url but cert is not valid as internally signed. So Im trying to get a CA from trusted party

So, for the third time, consult the Getting Started page (link has been given twice above) for information on how to get a cert from Let's Encrypt. They only issue certs for public domain names, though, so you'll need to be able to prove control over one--as explained on that page.


You could also try (which I develop) - it has a deployment task for Apache Tomcat that outputs the required PFX file. See our docs for more specific info on that task as there is some configuration required for Tomcat: Deployment Tasks | Certify The Web Docs

The basic process is:

  • Use the New Certificate option to setup and order a certificate from your certificate authority (the default is Let's Encrypt, there are several options). You need to use a real domain/subdomain you cannot you an internal machine name etc.
  • You can validate your domain using http (if the domain resolves to your server IP and you have TCP port 80 open) or you can use DNS validation if your domain DNS supports an API
  • Once you have successfully acquired a certificate you can add a Deploy to Tomcat task under Tasks, save then hit :arrow_forward:to run the task and copy the cert to the required destination etc. Future renewals will automatically run this task when the cert is renewed.
  • You can also add a Stop/Start/restart task for the tomcat server to restart Tomcat when the cert renews. Some prefer to make this a regular task they perform manually in their maintenance window if restarting is problematic for users.

Got it thank you all

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.