Extracting Certificate and Private Key files from a PFX container

If the certification authority provided you with a certificate in the form of a PFX or P12 file, you need to extract the certificate and private key files in PEM encoding. This can be done using the openssl tool.

First, you will need to enter the passphrase that was used when creating the PFX container. After that, you will be able to extract both files:

  • certificate;
  • private key.

To extract the private key file, run the command:

openssl pkcs12 -in source.pfx -nocerts -nodes -out key.pem

To extract the certificate file, use the following command:

openssl pkcs12 -in source.pfx -clcerts -nokeys -out cert.pem

After running these commands, you will get two files:

  • key.pem — this is an RSA private key file in PEM format (without a passphrase).
  • cert.pem — an X.509 certificate file encoded in PEM. These files can be used to replace the web interface certificate.

Similar Articles