Supported SSL certificates

PFX/PKCS #12 ( *.pfx/.p12/.pkcs12* ) certificates are supported starting from .NET Core 3.1, and PEM certificates are supported starting from .NET 5.0.

PKCS #12 file format is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.

For example, a certificate file may contain a public/private key with its single certificate. At the same time, other members of the chain of trust may be specified in a single or several .pfx/.p12 or .pem files using the CaFile property (if the complete chain is needed).

A single PEM file may contain both the certificate and the private key. They also can be stored in two PEM files. In this case, the CertificateLocation property should point to both files, for example, "path_to_cert.pem|path_to_pk.pem".

To convert into the PFX/PKCS #12 format from other format types, use the openssl tool from the OpenSSL Toolkit.

For example, to convert from "Base64 Encoded ( *.pem )" to "Personal Information Exchange - PKCS #12 (*.pfx )", invoke the following command on the PEM file(s):

$ openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

See also

• Full reference to the PEM->PKCS#12 conversion using OpenSSL command line utilities