Generate P12 private key file for Commerce Cloud

September 8, 2020 | | No Comments

I recently had to generate a P12 private key file for use in our Salesforce Commerce Cloud instance and spent a little more time on finding a solution than I’d like to admit. So I figured I would leave this here for mine (and anyone else’s) future reference. NOTE: all of these steps were done on Ubuntu 20. I haven’t tried it on MacOS or Windows but assuming you are able to use the same tools it should work.

The key was to be used to communicate with a remote server for a file exchange process and we wanted to utilize the private key for remote authentication. As such I’ve omitted the steps to copy the public key to the remote server since this process is outside the scope of this article. But a quick search for “ssh-copy-id” should point you in the right direction.

To create the P12 file:

1. generate your public/private key combo with ssh-keygen, making sure to utilize the “-m” flag to specify the “pem” format since by default ssh-keygen creates the file in an OpenSSH-specific format. You can see more details by running “man ssh-keygen” and take a look thru the manual for the command.

ssh-keygen -m pem

It’s up to you whether or not you want to add a passphrase to the key. If you want to omit a password just press “enter” when prompted for the phrase and confirmation and no passphrase will be added.

2. once your public and private keys have been generated create the self-signed certificate using the private key you just generated. If you want the certificate to have a far future expiration date (default is 30 days) you need to make sure to include the “-days” flag with whatever value you want to set. In our example we set it to 1825 days (5 years).

openssl req -new -x509 -days 1825 -key private-key-name -out certificate-name.cer

Here we are generating a X.509 certificate using key “private-key-name” that was generated in step 1 and saving it to “certificate-name.cer”. This command will take you thru steps that include adding certificate details (e.g. country, state, organization name). Anything that shows empty square brackets as the default value can be left blank.

Once complete your current directory should now include the following 3 files:


3. To generate the p12 file:

openssl pkcs12 -export -out sfcc-key.p12 -inkey private-key-name -in certificate-name.cer

where -inkey is the private key you created in step 1 and -in is the certificate generated in step 2. You can opt to create an export password or leave it empty. If you opt to create the password you will need to keep note of it as it will be needed when adding the key to Commerce Cloud.

The directory should now contain the following files:


You can now upload the key (sfcc-key.p12) to Business Manager via “Administration > Operations > Private Keys and Certificates”.