Converting pfx to pem using openssl

Question

How to generate a  pem CA certificate and client certificate from a PFX file using OpenSSL

User · Answer

Despite that the other answers are correct and thoroughly explained, I found some difficulties understanding them. Here is the method I used (Taken from here):

First case: To convert a PFX file to a PEM file that contains both the certificate and private key:

openssl pkcs12 -in filename.pfx -out cert.pem -nodes

Second case: To convert a PFX file to separate public and private key PEM files:

Extracts the private key form a PFX to a PEM file:

openssl pkcs12 -in filename.pfx -nocerts -out key.pem

Exports the certificate (includes the public key only):

openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

Removes the password (paraphrase) from the extracted private key (optional):

openssl rsa -in key.pem -out server.key

User · Answer

You can use the OpenSSL Command line tool  The following commands should do the trick  openssl pkcs12 -in client ssl pfx -out client ssl pem -clcerts  openssl pkcs12 -in client ssl pfx -out root pem -cacerts   If you want your file to be password protected etc  then there are additional options   You can read the entire documentation here

User · Answer

Another perspective for doing it on Linux     here is how to do it so that the resulting single file contains the decrypted private key so that something like HAProxy can use it without prompting you for passphrase   openssl pkcs12 -in file pfx -out file pem -nodes   Then you can configure HAProxy to use the file pem file     This is an EDIT from previous version where I had these multiple steps until I realized the -nodes option just simply bypasses the private key encryption  But I m leaving it here as it may just help with teaching   openssl pkcs12 -in file pfx -out file nokey pem -nokeys openssl pkcs12 -in file pfx -out file withkey pem openssl rsa -in file withkey pem -out file key cat file nokey pem file key  gt  file combo pem    The 1st step prompts you for the password to open the PFX  The 2nd step prompts you for that plus also to make up a passphrase for the key  The 3rd step prompts you to enter the passphrase you just made up to store decrypted  The 4th puts it all together into 1 file    Then you can configure HAProxy to use the file combo pem file   The reason why you need 2 separate steps where you indicate a file with the key and another without the key  is because if you have a file which has both the encrypted and decrypted key  something like HAProxy still prompts you to type in the passphrase when it uses it

[openssl] Converting pfx to pem using openssl

First case: To convert a PFX file to a PEM file that contains both the certificate and private key:

Second case: To convert a PFX file to separate public and private key PEM files:

Examples related to openssl

Examples related to pem

Examples related to pfx