Extracting Certificate and Private Key Files from a .pfx File

Today I wanted to give an Abyss web server the same certificate in use by IIS. Abyss only allows entering keys as blocks of text, so I needed to extract a private key and certificate from a Windows-based pfx file.

This University of Washington article gave me exactly the information I needed to do that with OpenSSL. And yes, OpenSSL was able to handle the password that I had added when I exported the certificate on Windows.

I hope UW doesn’t mind me copying in the key (pun) points:

  • Run the following command to export the private key:
    openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
  • Run the following command to export the certificate:
    openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
  • Run the following command to remove the passphrase from the private key:
    openssl rsa -in key.pem -out server.key

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.