Today I wanted to give an Abyss web server the same certificate in use by IIS. Abyss only allows entering keys as blocks of text, so I needed to extract a private key and certificate from a Windows-based pfx file.
This University of Washington article gave me exactly the information I needed to do that with OpenSSL. And yes, OpenSSL was able to handle the password that I had added when I exported the certificate on Windows.
I hope UW doesn’t mind me copying in the key (pun) points:
- Run the following command to export the private key:
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
- Run the following command to export the certificate:
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
- Run the following command to remove the passphrase from the private key:
openssl rsa -in key.pem -out server.key