Make PFX file out of pem & key files

$ openssl pkcs12 -export -out [foler you want pfx to end up in] -inkey [folder containing key.pem] -in [folder containing pem.key]

ex.

$ openssl pkcs12 -export -out ~/Downloads/jellyfin.pfx -inkey ~/Downloads/key.pem -in ~/Downloads/cert.pem

Create Self Signed Certificate

Let’s create a password-protected, 2048-bit RSA private key (domain.key) with the openssl command:

openssl genrsa -des3 -out domain.key 2048

We’ll enter a password when prompted. The output will look like:

Generating RSA private key, 2048 bit long modulus (2 primes)
.....................+++++
.........+++++
e is 65537 (0x010001)
Enter pass phrase for domain.key:
Verifying - Enter pass phrase for domain.key:

Let’s create a CSR (domain.csr) from our existing private key:

openssl req -key domain.key -new -out domain.csr

We’ll enter our private key password and some CSR information ** most important is domain when asked common name.

We can also create both the private key and CSR with a single command:

openssl req -newkey rsa:2048 -keyout domain.key -out domain.csr

If we want our private key unencrypted, we can add the -nodes option:

openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

Let’s create a self-signed certificate (domain.crt) with our existing private key and CSR:

openssl x509 -signkey domain.key -in domain.csr -req -days 365 -out domain.crt

PKCS12 files, also known as PFX files, are usually used for importing and exporting certificate chains in Microsoft IIS.

We’ll use the following command to take our private key and certificate, and then combine them into a PKCS12 file:

openssl pkcs12 -inkey domain.key -in domain.crt -export -out domain.pfx