If you submitted a custom Certificate Signing Request (CSR) when generating your DigiCert S/MIME certificate, the certificate you download from DigiCert's collection email will not contain the required private key file. In order to use your S/MIME certificate, you must combine the certificate with its matching private key and create a PKCS#12 file.
DigiCert's collection website allows you to download either a PKCS#7 file (.p7b) which is your S/MIME certificate and DigiCert's intermediate certificates combined in a single file. We recommend downloading this version of the file.
You may also download a zipped folder of your S/MIME certificate and the intermediate certificates saved separately.
Convert Certificate to PKCS#12
There are a few tools you can use to convert your certificate to the correct file type. The process involves combining the certificate, intermediate certificates, and private key into a single PFX format file.
If you are familiar with the OpenSSL library, you can run a few commands to convert your S/MIME certificate. Please make sure the file names match with the command input.
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer
SSLShopper Certificate Converter Tool
SSLShopper has a special tool for converting and combining certificates. Click here to access the tool: SSLShopper Certificate Converter
You will need:
- Your S/MIME certificate .p7b file
- Your certificate's matching private key - saved as .key file
On SSLShopper's tool, you will find these options:
- Certificate File to Convert - click Choose File to upload your S/MIME .p7b file.
- Type of Current Certificate - this should automatically detect P7B/PKCS#7
- Type to Convert To - select PFX/PKCS#12
- Once additional file options appear, upload your Private Key (.key format) in the required field.
- Because you are uploading a .p7b file, you do not need to include any additional chain certificates.
- PFX Password - type in a new password for your certificate file.
- Click Convert Certificate.
- You should be prompted to save your new PFX type certificate file on your PC.
You can proceed to install the S/MIME PFX file on the user's PC for use in email signing and encryption.