SFCC Code Deployment: Generating a .p12 File for Staging

SFCC Code Deployment: Generating a .p12 File for Staging

by

This guide explains how to generate a .p12 certificate file required for Salesforce Commerce Cloud (SFCC) code deployment on the staging environment using OpenSSL.

Prerequisites

  • OpenSSL installed (Windows, macOS, or Linux)
  • Access to SFCC instance credentials
  • Admin access to generate certificates

Step 1: Generate a Private Key and Certificate Signing Request (CSR)

openssl req -new -sha256 -newkey rsa:2048 -nodes -out nitin.req -keyout nitin.key

Example Input:

Country Name (2 letter code) [XX]: US
State or Province Name (full name) [XX]: Tennessee
Locality Name (eg, city) [Default City]: South Pittsburg
Organization Name (eg, company) [Default Company Ltd]: ni18 Blog
Organizational Unit Name (eg, section) [Default Section]: ni18 Blog
Common Name (e.g. server FQDN or YOUR name) []: staging.ni18.com
Email Address []: ask.ni18.in@gmail.com

Step 2: Sign the Certificate Request with SFCC’s CA Certificate

Run the following command to sign your request and generate a .pem file:

openssl x509 -CA cert.staging.na01.ni18.demandware.net_02.crt -CAkey cert.staging.na01.ni18.demandware.net_02.key -CAserial cert.staging.na01.ni18.demandware.net.srl -req -in nitin.req -out nitin.pem -days 365

Step 3: Generate a .p12 File from the Private Key and Certificate

openssl pkcs12 -export -out nitin.p12 -inkey nitin.key -in nitin.pem -certfile cert.staging.na01.ni18.demandware.net_02.crt
  • When prompted, set a strong password for the .p12 file (needed for SFCC deployment).

Step 4: Upload the .p12 File to Bitbucket (or CI/CD Pipeline)

  1. Go to your Bitbucket repository.
  2. Navigate to Repository Settings > Deployment Variables.
  3. Upload the .p12 file and set its password as a secure variable.

Step 5: Update Deployment Script

Modify your Bitbucket pipeline or CI/CD script to reference the .p12 file:

node build/uploadCartridges.js --hostname $HOSTNAME \
--username $USERNAME --password $PASSWORD \
--codeversion=$CODEVERSION-$BITBUCKET_COMMIT-$BITBUCKET_BUILD_NUMBER \
--certificate=$CERTIFICATE --passphrase=$PASSPHRASE

Step 6: Validate Deployment

Run the deployment command and ensure the connection is successful:

node build/uploadCartridges.js --debug

If you encounter errors, verify:

  • The .p12 file is correctly generated.
  • The password is correct.
  • The SFCC staging hostname, username, and password are valid.

Conclusion

Following this guide ensures that your SFCC staging deployment uses a secure .p12 certificate for authentication. If you face issues, regenerate the certificate or check file permissions.

Troubleshooting

  • Permission Denied: Run the commands as Administrator (Windows) or sudo (Linux/Mac).
  • Missing Files: Ensure all required files (.crt, .key, .srl) are in the OpenSSL directory.
  • Authentication Failure: Confirm the SFCC credentials and certificate details.

For more information, refer to the SFCC documentation or OpenSSL official guides.

Leave a Comment