I needed to get .pem’s out of a .pfx recently for an application that did not have an easy method to upload a .pfx.  It ran on top of a debian distro so I figured it was easier to just drop the .pem’s where they need to be, but then I realized I’ve never taken a .pfx and split it up before.  Perfect time to figure it out right?  Luckily the issue wasn’t all that important (was a test/dev thing), so that’s just what I did.  Here is what I came up with:

1.) Install OpenSSL on a machine

2.) Copy .pfx file to that computer

3.) Run the following to get the key.pem:

4.) Run the following to get the crt.pem

That should do it for you.  Do with them what you will!


Adobe Blog Post

StackPath Support Article