I needed to get .pem’s out of a .pfx recently for an application that did not have an easy method to upload a .pfx. It ran on top of a debian distro so I figured it was easier to just drop the .pem’s where they need to be, but then I realized I’ve never taken a .pfx and split it up before. Perfect time to figure it out right? Luckily the issue wasn’t all that important (was a test/dev thing), so that’s just what I did. Here is what I came up with:
1.) Install OpenSSL on a machine
2.) Copy .pfx file to that computer
3.) Run the following to get the key.pem:
1 2 |
openssl pkcs12 -in C:\Certificates\test.pfx -nocerts -out C:\Certificates\test-key.pem -nodes Enter Import Password: supersecretpassword |
4.) Run the following to get the crt.pem
1 2 |
openssl pkcs12 -in C:\Certificates\test.pfx -clcerts -nokeys -out C:\Certificates\test-crt.pem Enter Import Password: supersecretpassword |
That should do it for you. Do with them what you will!
Sources: