Converting PKCS 12 certificate into PEM using OpenSSL

Question

I have OpenSSL x64 on Windows 7 which I downloaded from openssl-for-windows on Google Code  I m attempting to run   openssl pkcs12 -export -in  path p12  -out  newfile pem     but I get an error     unable to load private key   How do I extract the certificate in PEM from PKCS 12 store using OpenSSL

User · Accepted Answer

Try  openssl pkcs12 -in path p12 -out newfile crt pem -clcerts -nokeys openssl pkcs12 -in path p12 -out newfile key pem -nocerts -nodes  After that you have   certificate in newfile crt pem private key in newfile key pem  To put the certificate and key in the same file without a password  use the following  as an empty password will cause the key to not be exported  openssl pkcs12 -in path p12 -out newfile pem -nodes  Or  if you want to provide a password for the private key  omit -nodes and input a password  openssl pkcs12 -in path p12 -out newfile pem  If you need to input the PKCS 12 password directly from the command line  e g  a script   just add -passin pass   PASSWORD   openssl pkcs12 -in path p12 -out newfile crt pem -clcerts -nokeys -passin  pass P s5w0rD

User · Answer

If you can use Python  it is even easier if you have the pyopenssl module  Here it is   from OpenSSL import crypto    May require    for empty password depending on version  with open  push p12    rb   as file      p12   crypto load pkcs12 file read     my passphrase      PEM formatted private key print crypto dump privatekey crypto FILETYPE PEM  p12 get privatekey       PEM formatted certificate print crypto dump certificate crypto FILETYPE PEM  p12 get certificate

User · Answer

I had a PFX file and needed to create KEY file for NGINX  so I did this   openssl pkcs12 -in file pfx -out file key -nocerts -nodes   Then I had to edit the KEY file and remove all content up to -----BEGIN PRIVATE KEY-----  After that NGINX accepted the KEY file

User · Answer

There is a free and open-source GUI tool KeyStore Explorer to work with crypto key containers  Using it you can export a certificate or private key into separate files or convert the container into another format  jks  pem  p12  pkcs12  etc

User · Answer

You just need to supply a password   You can do it within the same command line with the following syntax   openssl pkcs12 -export -in  path p12  -out  newfile pem  -passin pass  password    You will then be prompted for a password to encrypt the private key in your output file   Include the  nodes  option in the line above if you want to export the private key unencrypted  plaintext    openssl pkcs12 -export -in  path p12  -out  newfile pem  -passin pass  password  -nodes   More info  http   www openssl org docs apps pkcs12 html

User · Answer

If you need a PEM file without any password you can use this solution   Just copy and paste the private key and the certificate to the same file and save as  pem   The file will look like   -----BEGIN PRIVATE KEY-----                                                           -----END PRIVATE KEY----- -----BEGIN CERTIFICATE-----                                                         -----END CERTIFICATE-----   That s the only way I found to upload certificates to Cisco devices for HTTPS

[openssl] Converting PKCS#12 certificate into PEM using OpenSSL

Examples related to openssl

Examples related to command

Examples related to pkcs#12