# PKCS#12 PKCS#12 is also known as PFX, especially in Windows environments. Common file endings are therefore .pfx and .p12. It contains X.509 certificates and almost always corresponding private keys, although that is actually not technically enforced. Data in a PKCS#12 file is usually encrypted to passwords. Often, only the private key is encrypted, so you could extract the certificates without knowing the passwords if your application allows it (most of them do not). While PKCS#12 is the most common way in Windows environments to store a certificate and its private key in a file. In Linux environments, PEM-encoded PKCS#8 files are more common. Because the standard provides many options how to store certificates and private keys in nested "safebags", PKCS#12 files have some compatibility problems, like: * Windows is renowned for associating private keys in PKCS#12 with all certificates extracted from the file, not just the one it is meant for. If the PKCS#12 contains a certificate chain, Windows might display that it has the private key for the CA certificate. * On MacOS, you cannot import PKCS#12 files if the cryptographic algorithms are too new. * It might be necessary to encrypt the certificates in a PKCS#12 file in order for receiving applications to extract them. But some only support only very old and weak algorithms, which is usually not a problem, since the information is public anyway. But OpenSSL 3.x does not support these old and vulnerable algorithms and refuses to open the PKCS#12. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.x509.wiki/important-data-formats/pkcs-12.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.