This guide explains how to generate a .p12 certificate file required for Salesforce Commerce Cloud (SFCC) code deployment on the staging environment using OpenSSL.
Table of Contents
Prerequisites
- OpenSSL installed (Windows, macOS, or Linux)
- Access to SFCC instance credentials
- Admin access to generate certificates
Step 1: Generate a Private Key and Certificate Signing Request (CSR)
openssl req -new -sha256 -newkey rsa:2048 -nodes -out nitin.req -keyout nitin.key
Example Input:
Country Name (2 letter code) [XX]: US
State or Province Name (full name) [XX]: Tennessee
Locality Name (eg, city) [Default City]: South Pittsburg
Organization Name (eg, company) [Default Company Ltd]: ni18 Blog
Organizational Unit Name (eg, section) [Default Section]: ni18 Blog
Common Name (e.g. server FQDN or YOUR name) []: staging.ni18.com
Email Address []: ask.ni18.in@gmail.com
Step 2: Sign the Certificate Request with SFCC’s CA Certificate
Run the following command to sign your request and generate a .pem file:
openssl x509 -CA cert.staging.na01.ni18.demandware.net_02.crt -CAkey cert.staging.na01.ni18.demandware.net_02.key -CAserial cert.staging.na01.ni18.demandware.net.srl -req -in nitin.req -out nitin.pem -days 365
Step 3: Generate a .p12 File from the Private Key and Certificate
openssl pkcs12 -export -out nitin.p12 -inkey nitin.key -in nitin.pem -certfile cert.staging.na01.ni18.demandware.net_02.crt
- When prompted, set a strong password for the
.p12file (needed for SFCC deployment).
Step 4: Upload the .p12 File to Bitbucket (or CI/CD Pipeline)
- Go to your Bitbucket repository.
- Navigate to Repository Settings > Deployment Variables.
- Upload the
.p12file and set its password as a secure variable.
Step 5: Update Deployment Script
Modify your Bitbucket pipeline or CI/CD script to reference the .p12 file:
node build/uploadCartridges.js --hostname $HOSTNAME \
--username $USERNAME --password $PASSWORD \
--codeversion=$CODEVERSION-$BITBUCKET_COMMIT-$BITBUCKET_BUILD_NUMBER \
--certificate=$CERTIFICATE --passphrase=$PASSPHRASE
Step 6: Validate Deployment
Run the deployment command and ensure the connection is successful:
node build/uploadCartridges.js --debug
If you encounter errors, verify:
- The
.p12file is correctly generated. - The password is correct.
- The SFCC staging hostname, username, and password are valid.
Conclusion
Following this guide ensures that your SFCC staging deployment uses a secure .p12 certificate for authentication. If you face issues, regenerate the certificate or check file permissions.
Troubleshooting
- Permission Denied: Run the commands as Administrator (Windows) or sudo (Linux/Mac).
- Missing Files: Ensure all required files (
.crt,.key,.srl) are in the OpenSSL directory. - Authentication Failure: Confirm the SFCC credentials and certificate details.
For more information, refer to the SFCC documentation or OpenSSL official guides.