Security converter · runs 100% in your browser

PEM to PFX / PKCS#12 Converter

Bundle a PEM-encoded TLS certificate and its private key into an encrypted PFX (PKCS#12) container, in your browser. Private keys must NEVER be uploaded to a third-party tool — the whole reason this converter exists is so you don't have to. node-forge runs entirely client-side; the key bytes only touch your machine.

No uploadNo signupNo trackingFree, unlimited
Certificate (.pem / .crt)
Drop file here or click to browse
Private key (.key / .pem)
Drop file here or click to browse
CA chain (.pem, optional)
Drop file here or click to browse (optional)

How to use

  1. Drop your certificate (.pem / .crt).
  2. Drop your private key (.key).
  3. (Optional) Drop your CA chain.
  4. Set the export password and friendly name, then click Convert. Save the .pfx — your private key never left your device.

FAQ

Is my private key safe?

Yes. Open DevTools Network tab while you convert — there is no outbound traffic. node-forge runs in pure JavaScript inside your tab. The key only exists in your browser's memory and the resulting .pfx file you download.

What encryption algorithm is used?

3DES with PBKDF2 — the default for PKCS#12 across IIS / Windows / Apache. Compatible with Windows Certificate Manager, IIS, Apache mod_ssl, and HAProxy.

Can I include intermediate CAs?

Yes. Drop the chain PEM in the third slot. The converter detects multiple BEGIN CERTIFICATE blocks and includes them all in the PFX.

Is this really free?

Yes. No signup, no quota, no upgrade tier. The conversion runs on your machine, so it costs us nothing to host.

EGO HERO uses only the cookies and local storage strictly necessary to make this site work. We’d also like to use optional analytics to understand traffic in aggregate. Nothing optional runs until you say yes. See our Cookies Policy and Privacy Policy for details. You can change your choice any time via “Cookie settings” in the footer.