How to convert a certificate PFX file to CRT/KEY using openssl
Your PFX certificate file is protected with a password. It can be converted to CRT and KEY files using SSL:
openssl pkcs12 -in certfile.pfx -nocerts -out keyfile-encrypted.key
When you enter this command you will be asked to type in the pfx file password in order to extract the key. You will be asked to enter a passphrase for the encrypted key. The key will be stored in keyfile-encrypted.key.
The exported keyfile is encrypted but you might need it in unencrypted format. To unencrypt the key, do:
openssl rsa -in keyfile-encrypted.key -out keyfile.key
You will be asked for the passphrase that you entered in the previous step. The unencrypted key will be stored in keyfile.key.
Then it is time to extract the certificate:
openssl pkcs12 -in certfile.pfx -clcerts -nokeys -out certfile.crt
Again, you will need to enter the pfx file password in order to extract the certificate. The certificate will be stored in certfile.crt.
Leave a Reply
Want to join the discussion?Feel free to contribute!