[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension:v3:en:pfx":3},{"resolvedFromAlias":4,"canonicalExt":5,"ext":5,"name":6,"category":7,"categoryName":8,"updatedAt":9,"popularity":10,"summary":11,"howToOs":12,"quickAnswer":18,"answerIntro":19,"whatIs":20,"description":21,"furtherReading":22,"openInstructions":38,"commonIssues":52,"securityNotes":72,"faq":76,"aliases":89,"mimeTypes":91,"relatedExtensions":93,"breadcrumbs":138,"categoryAnchor":148,"categoryFuturePath":149,"metaDescription":150,"availableHowToOs":151,"openOnDeviceLinks":152,"cannotOpenReasons":168,"cannotOpenFixes":169,"convertOptions":170,"securityAffiliateMessaging":171,"securityAffiliates":172},false,"pfx","Personal Information Exchange (PFX)","certificates","Certificates","2026-06-12T08:13:30.475Z",78,".pfx is a PKCS #12 (PFX) container used to bundle certificates and (often) the associated private key into a single, typically password-protected file for import/export between systems.",[13,14,15,16,17],"windows","mac","linux","ios","android","To open .PFX files on Windows, import into Windows certificate store using PowerShell: run Import-PfxCertificate with the .pfx path and a target certificate store location (for example, CurrentUser or LocalMachine stores).","To open a .pfx file, you typically import it into a certificate store (common on Windows) or inspect/extract it with OpenSSL. Because .pfx files often include a private key, handle them like a sensitive credential and only open them if you trust the source.","A .pfx file is a PKCS #12 container (also called PFX) defined by RFC 7292. It is an ASN.1-based structure designed to carry “personal information exchange” data such as certificates and private keys, commonly protected with a password. In practice, PKCS #12 files commonly use the .p12 or .pfx extensions.","PKCS #12 (also known as PFX) is widely used to move certificates and their private keys between machines and applications in a single file. This is especially common for TLS/SSL server certificates, client authentication certificates, and code-signing identities when they need to be backed up or deployed elsewhere.\n\nThe format is standardized in RFC 7292, which specifies the container syntax and structure. Many tools treat “PFX” as the same thing as PKCS #12; the extension .p12 is also commonly used for the same container type.\n\nOn Windows, .pfx is commonly imported into the Windows certificate stores, where applications can use the certificates and keys without directly reading the file each time. On many platforms, OpenSSL is a common way to inspect contents or convert/export certificates and keys from a .pfx container.",[23,26,29,32,35],{"title":24,"url":25},"RFC 7292: PKCS #12: Personal Information Exchange Syntax v1.1","https://www.rfc-editor.org/info/rfc7292/",{"title":27,"url":28},"OpenSSL documentation: openssl-pkcs12","https://docs.openssl.org/3.3/man1/openssl-pkcs12/",{"title":30,"url":31},"Microsoft Learn: Import-PfxCertificate (pki)","https://learn.microsoft.com/en-us/powershell/module/pki/import-pfxcertificate?view=windowsserver2025-ps",{"title":33,"url":34},"IANA Media Types registry (application/pkcs12)","https://www.iana.org/assignments/media-types",{"title":36,"url":37},"Wikipedia: PKCS 12","https://en.wikipedia.org/wiki/PKCS_12",{"windows":39,"macos":42,"linux":45,"ios":48,"android":50},[40,41],"Import into Windows certificate store using PowerShell: run Import-PfxCertificate with the .pfx path and a target certificate store location (for example, CurrentUser or LocalMachine stores).","If prompted, enter the .pfx password; after import, verify the certificate appears in the expected Windows certificate store.",[43,44],"Use OpenSSL to inspect it: open Terminal and run: openssl pkcs12 -in file.pfx -info","Enter the import password when prompted to view contained certificates/keys (do not paste private key output into logs).",[46,47],"Inspect or extract with OpenSSL: openssl pkcs12 -in file.pfx -info","If you need to export materials, use OpenSSL’s pkcs12 command options to output certificates and/or keys (keep exported private keys protected).",[49],"iOS can receive .pfx as a certificate identity for installation, but the exact flow varies by deployment method; if you cannot install it safely, transfer the file to a desktop and inspect/import with Windows (Import-PfxCertificate) or OpenSSL.",[51],"Android can be used to install certificate identities in some scenarios, but if installation is not available or you need to inspect the contents, transfer the file to a desktop and use OpenSSL (openssl pkcs12) or Windows import.",[53,60,66],{"title":54,"description":55,"steps":56},"Wrong password or import fails due to encryption/MAC verification","Many .pfx files are password-protected; if the password is wrong (or the file is corrupted), tools may fail to verify or decrypt the container contents.",[57,58,59],"Confirm you have the correct .pfx password from the issuer/admin who generated the PKCS #12 file.","Try inspecting with OpenSSL to see clearer error output: openssl pkcs12 -in file.pfx -info","If you suspect corruption, re-export/regenerate the .pfx from the original system that produced it.",{"title":61,"description":62,"steps":63},"Certificate imports but private key is missing","A PKCS #12 container can hold certificates without a private key, or the private key may not be exportable/was not included when the file was created.",[64,65],"Inspect with OpenSSL to confirm whether a private key is present: openssl pkcs12 -in file.pfx -info","If no private key is included, request a new .pfx export that includes the private key (or obtain the key through the proper key management process).",{"title":67,"description":68,"steps":69},"Imported into the wrong Windows certificate store (app can’t find it)","On Windows, importing to the wrong store location (CurrentUser vs LocalMachine, or wrong logical store) can make applications unable to locate the certificate/key pair.",[70,71],"Re-import using Import-PfxCertificate and choose the correct target store location for your application (for example, a LocalMachine store for services).","After import, confirm the certificate appears in the intended store and that the private key is associated with it.",[73,74,75],".pfx/PKCS #12 files often contain a private key; anyone with the file and its password may be able to impersonate the identity (for example, a TLS server or client certificate). Store and transmit .pfx files as sensitive secrets.","Avoid exporting private keys from a .pfx unless necessary; extracted keys are easier to leak via logs, backups, or accidental sharing.","Only import a .pfx you trust. Importing a malicious or untrusted identity into your certificate store can enable unwanted trust relationships or credential misuse.",[77,80,83,86],{"question":78,"answer":79},"Is .pfx the same as .p12?","In practice, yes: both extensions are commonly used for PKCS #12 containers. The standardized container format is PKCS #12 (PFX) as defined in RFC 7292.",{"question":81,"answer":82},"What MIME type should be used for .pfx files?","The IANA-registered media type for PKCS #12 is application/pkcs12.",{"question":84,"answer":85},"How can I see what’s inside a .pfx file?","Use OpenSSL’s pkcs12 command to inspect it, for example: openssl pkcs12 -in file.pfx -info. You will typically be prompted for the container password.",{"question":87,"answer":88},"How do I import a .pfx on Windows for system use?","Use PowerShell’s Import-PfxCertificate to import into the appropriate Windows certificate store (for example, a LocalMachine store for services), providing the .pfx path and password as required.",[90],"p12",[92],"application/pkcs12",[94,100,105,111,116,121,127,132],{"ext":95,"name":96,"category":7,"categoryName":8,"popularity":97,"summary":98,"howToOs":99},"pem","PEM-encoded Certificate",75,".pem is a text-based container format commonly used to store X.509 certificates, certificate chains, and sometimes private keys in Base64 with BEGIN/END markers. It is widely used by TLS software such as OpenSSL and Apache HTTP Server.",[13,14,15,16,17],{"ext":90,"name":101,"category":7,"categoryName":8,"popularity":102,"summary":103,"howToOs":104},"PKCS#12 Certificate Bundle",65,".p12 is a PKCS #12 (also called PFX) container used to bundle an X.509 certificate chain together with its corresponding private key, typically protected by a password. It’s commonly opened/imported by certificate/key management tools such as Apple Keychain Access and OpenSSL.",[13,14,15,16,17],{"ext":106,"name":107,"category":7,"categoryName":8,"popularity":108,"summary":109,"howToOs":110},"csr","PKCS #10 Certificate Signing Request",55,".csr files are certificate signing requests used to obtain an X.509 certificate from a certificate authority (CA). They commonly contain a PKCS #10 request encoded as PEM (text) or DER (binary) and can be inspected or generated with OpenSSL.",[13,14,15,16,17],{"ext":112,"name":113,"category":7,"categoryName":8,"popularity":108,"summary":114,"howToOs":115},"der","DER-encoded X.509 Certificate",".der files most commonly contain binary DER-encoded ASN.1 data, especially X.509 certificates. They are typically opened for inspection or conversion using certificate tools such as OpenSSL.",[13,14,15,16,17],{"ext":117,"name":118,"category":7,"categoryName":8,"popularity":108,"summary":119,"howToOs":120},"p7b","PKCS #7 Certificate Bundle (P7B)",".p7b is a PKCS #7 container most commonly used to bundle X.509 certificates (and sometimes certificate revocation lists) for import or exchange. It typically does not include a private key and is often used in S/MIME and certificate deployment workflows.",[13,14,15,16,17],{"ext":122,"name":123,"category":7,"categoryName":8,"popularity":124,"summary":125,"howToOs":126},"ac","X.509 Attribute Certificate",35,".ac most commonly refers to an X.509 Attribute Certificate (authorization certificate) used in PKIX systems to carry privileges/roles separately from an identity certificate.",[13,14,15,16,17],{"ext":128,"name":129,"category":7,"categoryName":8,"popularity":124,"summary":130,"howToOs":131},"p7s","PKCS #7 / S/MIME Digital Signature (detached signature)",".p7s files are PKCS #7 signature objects most commonly used as detached digital signatures for S/MIME-signed email. You typically open them by verifying the signature in an email client or by inspecting/verifying with OpenSSL.",[13,14,15,16,17],{"ext":133,"name":134,"category":7,"categoryName":8,"popularity":135,"summary":136,"howToOs":137},"p7c","PKCS #7 / CMS certificate container (certs-only SignedData)",25,".p7c is a PKCS #7/CMS container most commonly used to carry X.509 certificates (often a “certs-only”/degenerate SignedData structure). It’s typically opened or inspected with certificate tools or OpenSSL rather than a document viewer.",[13,14,15,16,17],[139,142,145],{"label":140,"to":141},"Home","/",{"label":143,"to":144},"File Extension Index","/file-extension",{"label":146,"to":147},".PFX","/file-extension/pfx","category-certificates","/category/certificates","Learn what .PFX files are, how to open them on every platform, common fixes, and security best practices.",[13,14,15,16,17],[153,156,159,162,165],{"os":13,"label":154,"to":155},"Open .PFX on Windows","/how-to/open-pfx-on-windows",{"os":14,"label":157,"to":158},"Open .PFX on Mac","/how-to/open-pfx-on-mac",{"os":15,"label":160,"to":161},"Open .PFX on Linux","/how-to/open-pfx-on-linux",{"os":16,"label":163,"to":164},"Open .PFX on iOS","/how-to/open-pfx-on-ios",{"os":17,"label":166,"to":167},"Open .PFX on Android","/how-to/open-pfx-on-android",[54,61,67],[57,58,59],[],"untrusted_source",[173,177],{"name":174,"description":175,"affiliateUrl":176},"Avast","Avast offers free and premium antivirus software that protects against viruses, malware, ransomware, and phishing. Scan files before opening them to ensure safety.","https://www.avast.com/lp-aff-consumer-store?expid=inf601",{"name":178,"description":179,"affiliateUrl":180},"Norton","Norton 360 delivers comprehensive antivirus protection, VPN, and identity theft monitoring. Scan files for threats before opening to keep your device secure.","http://buy.norton.com/aff_home?utm_campaign=en-ww_nor_n36_aff_nas_nau_nah_cj_nad_low:_sec_nat_mktc_norton_360"]