The PKCS # 12 or .pfx file is a file containing both the private key and the X.509 certificate, ready to be installed by the client in servers such as IIS, Tomcat or Exchange. Certificate Signing Request (CSR) generation is one of the frequent problem areas for customers wanting to secure their servers. PKCS # 12 removes the need for a customer to create their own CSR. Instead, a certificate authority creates a CSR securely on behalf of the client during the certificate application process.
PKCS # 12 Tour
The process for applying and installing a digital certificate is not the same with a PKCS # 12 or .pfx file. PKCS # 12 files can only be generated for domain valid SSL (DV) and organization valid SSL (OV) certificates. Extended Validation Certificate SSL (EV) must go through a manual certificate to sign the request certificate as the vetting process will not allow for automated CSR. The .pfx file delivery defaults when delivering a digital certificate and private keys for a document signing certificate or code signing certificate order (except Java).
Here you need to know about the process from application to installation.
During the application process, instead of asking you to create your own CSR, you are promoted to the password for your PKCS # 12 file. This password is provided with a GlobalSign system generated password, which provides a longer and stronger password, which needs to be deleted and installed once PKCS # 12. We remove PKCS # 12 from our system after 30 days for security. You are also asked for information on the DN (unique name) required to issue the certificate. For the two types of available certifications, DN requirements are:
Domain valid SSL:
Certificate Common Name (the domain where the certificate will be used) and country.Organization Valid SSL: Certificate Common Name (domain name where the certificate will be used), Organization Name, Department, State, and Country.
Waiting is similar to standard applications and is dependent on the certificate type.Domain valid SSL: GlobalSign sends an approval email to the owner of the domain name referenced in the application. We also support DNS and meta-tag domain verification methods.
Organization Valid SSL: GlobalSign verifies the ownership of the company through a third-party database and also validates the applicant’s right to use the domain referenced in the application.
The issued certificate is given in a PKCS # 12 file containing both the private key and the certificate. PKCS # 12 is made available to partners through GlobalSign’s Certificate Center (GCC) or our API. End customers can install their PKCS # 12 file using instructions from the GlobalSign Help Center.
How to install PKCS # 12 or .pfx file
Instructions vary depending on your system and browser. You can find our installation guide in the list below.
GlobalSign Installation Guides
We offer several installation guides from our support website to help you easily download and install your PKCS # 12 file. If you have any problem, do not hesitate to contact our support team.
Is the PKCS # 12 file safe?
When creating CSR for our clients it is often asked about the level of security. As we generate the private key ourselves, we need to take extra precautions to ensure that it remains secure. GlobalSign follows strict procedures and guidelines to do this. The dominant pair is generated using random numbers based on several factors. FIPS 140 Level 3 cryptographic hardware is used to generate your key pair and certificate request.
Finally, to secure the .pfx file in transit, GlobalSign uses high security passwords of up to 50 characters in length, our system adds another eight random characters.It is also worth noting that GlobalSign never stores our customers’ private keys on our servers. Once your private key is sent, you have full access.
A PKCS # 12 or .pfx file is a simple way to create a digital certificate. This can save time and eliminate the difficulty of generating your CSR if you are less certain to do so. While the generation of a .pfx file is not available for all digital certificates, it does cover a range of solutions.