How do I convert my PEM format certificate to PKCS12 as required by the Java and .NET SDKs?
To convert your PEM certificate to a PKCS12 certificate, use a third-party tool. PayPal recommends OpenSSL, which you can download at www.openssl.org. The following instructions assume that you retain the default certificate filename of "cert_key_pem.txt."
Before you begin, note the following:
- Windows users - If you get an error saying "openssl is not recognized as an internal or external command, operable program or batch file," this means that openssl is not in your PATH. To resolve this, either add the directory that contains the OpenSSL binary to your system PATH or save your PEM certificate file in the directory where the OpenSSL binary is. Depending on where you've installed OpenSSL, you should find the OpenSSL binary (openssl.exe) in the OpenSSL installation bin folder.
- UNIX users - These instructions and screenshots are Windows-centric. Most UNIX hosts have OpenSSL already installed. If you're on a UNIX host, the command to convert the PEM to a .p12 file is the same as for Windows. Check to see if you have OpenSSL by typing openssl at the command line and pressing Enter. If you get anything other than an error indicating that OpenSSL can't be found, your machine likely has OpenSSL already installed and you can try running the command in Step 2.
- PHP SDK users - This article applies only to the .NET and Java SDKs. PHP SDK users don't need to convert their PEM certificate to the .p12 format.
- Open a command prompt and navigate to the directory that contains the cert_key_pem.txt file.
- Execute the following OpenSSL command to create a PKCS12 (.p12) file:
openssl pkcs12 -export -inkey cert_key_pem.txt -in cert_key_pem.txt -out cert_key.p12
Note: To convert a PKCS12 certificate to PEM, use the following command:
openssl pkcs12 -in cert_key.p12 -out cert_key.pem -nodes
- After you enter the command, you'll be prompted to enter an Export Password. Choose a password or phrase and note the value you enter (PayPal documentation calls this the "private key password.")
- A file called cert_key.p12 is created in this directory. This is your .p12 file.