Tweet
Extract Private Key from PFX
The following command will extract the private key from the .pfx file. A new file private-key.pem will be created in current directory. This command required a password set on the pfx file.
Open the result file (private-key.pem) and copy text between and encluding —–BEGIN PRIVATE KEY—– and —–END CERTIFICATE—– text.
Extract Certificate from PFX
Then extract the certificate file. The following command will extract the certificate from the .pfx file. You can find the certificate in file named certificate.pem.
Open the result file (certificate.pem) and copy text between and encluding —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– text. This file may also include the other certificate chain. The first block will be your domain certificate and others will be the chain. You can copy all the certificates in one file and use it.
If you need the private key in old RSA format, you should convert the given key with the openssl pkcs8 command:
The following command will extract the private key from the .pfx file. A new file private-key.pem will be created in current directory. This command required a password set on the pfx file.
Code:
openssl pkcs12 -in [B]myfile.pfx[/B] -nocerts -out [B]private-key.pem[/B] -nodes Enter Import Password:
Extract Certificate from PFX
Then extract the certificate file. The following command will extract the certificate from the .pfx file. You can find the certificate in file named certificate.pem.
Code:
openssl pkcs12 -in [B]myfile.pfx[/B] -nokeys -out [B]certificate.pem[/B] Enter Import Password:
If you need the private key in old RSA format, you should convert the given key with the openssl pkcs8 command:
Code:
openssl pkcs8 -in key.pem -out rsakey.pem