Create .pem/.key/.crt Files from a .pfx Certificate Using OpenSSL on Windows

  1. First off, go and get OpenSSL:

Now that you are installed and ready to go you should now have a browsable file path to OpenSSL (i.e. C:\OpenSSL)

2. Obtain your PFX file and (for simplicity) place your PFX file in your OpenSSL directory.

(In this example we will assume we have a .pfx file called mycertificate.pfx and your OpenSSL directory is C:\OpenSSL)

3. Run this in command prompt (in your OpenSSL directory) to get the .pem file:

 
openssl pkcs12 -in mycertificate.pfx -out mypemfile.pem

You should now have a .pem file generated from your PFX file.

4. Run this in command prompt (in your OpenSSL directory) to extract the encrypted private key:

 
openssl pkcs12 -in mypemfile.pem -out myencryptedkey.key

You should now have the extracted encrypted private key out of the .pem file.

5. Run this in command prompt (in your OpenSSL directory) to create a decrypted private key from the encrypted version

 
openssl rsa -in myencryptedkey.key -out mydecryptedkey.key

You should now have the decrypted private key from your encrypted version.

6. Run this in command prompt (in your OpenSSL directory) to extract a .crt file from your PFX file:

 
openssl pkcs12 -in mycertificate.pfx -clcerts -nokeys -out certificate.crt

You should now an extracted .crt file from the PFX file.

That’s it! You should now have encrypted/decrypted keys as well as your .pem and .crt versions of your original PFX files. Happy certificating (I need to coin that term). Questions are always welcome.

Advertisements