Howtos / Articles

Extract the public certificate and private key from a pfx file using OpenSSL

This guide will show you how to convert a .pfx certificate file into its separate public certificate and private key files. This can be useful if you want to export a certificate (in the pfx format) from a Windows server, and load it into Apache or Nginx for example, which requires a separate public certificate and private key file.

In the examples below, the following files will be used:

domain.name.pfx – This will be the PFX file containing the public certificate and private key.

domain.name.crt – This is the public certificate file outputted by OpenSSL.

domain.name.key – This is the private encryption key for the above certificate outputted by OpenSSL.

Extracting the public certificate from the pfx file

$ openssl pkcs12 -in domain.name.pfx -clcerts -nokeys -out domain.name.crt

Enter in the password for the PFX file when asked. You cant export the certificate or key if you don’t have this password.

You will now have the public certificate file (eg: domain.name.crt).

Extracting the private key from the pfx file

$ openssl pkcs12 -in domain.name.pfx -nocerts -nodes -out domain.name.key

Enter in the password for the PFX file when asked. You cant export the certificate or key if you don’t have this password.

You will now have the private key file (eg: domain.name.key).



Share this howto article!
  • Facebook
  • Twitter
  • Reddit
  • email

Leave a Reply

  

  

  

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>