How to convert PFX to separate .key/.crt file

Published by Praseeb K Das on

In this article, we will see the commands used to convert.PFX certificate file to separate certificate and key file.

Check OpenSSL package is installed in your system.

Step1:

Go to the .pfx folder location.
Now type the below command to extract the private key from pfx file.


openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]

The explanation for this command, this command extract the private key from the .pfx file. Now we need to type the import password of the .pfx file. This password is used to protect the keypair which created for .pfx file. After entering import password OpenSSL requests to type another password twice. This new password is to protect the .key file.

techrunnr@ubuntu:~/Downloads/SSL-certificate$ openssl pkcs12 -in samplefile.pfx -nocerts -out samplefileencrypted.key
Enter Import Password:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
techrunnr@ubuntu:~/Downloads/SSL-certificate$


DigiCertCA2.cer  samplefileencrypted.key  samplefile.pfx TrustedRoot.cer

Step2:

Extract the certificate:


openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]

Just press enter and your certificate appears.

techrunnr@ubuntu:~/Downloads/SSL-certificate$ openssl pkcs12 -in samplefile.pfx -clcerts -nokeys -out samplefileencrypted.crt
Enter Import Password:
techrunnr@ubuntu:~/Downloads/SSL-certificate$ ls
DigiCertCA2.cer  samplefileencrypted.crt  samplefileencrypted.key  samplefile.pfx  TrustedRoot.cer

Step3:

Now we will see how to have an unencrypted .key file to import some applications/devices. Unencrypted keypair very unsafe, so be careful.

The command:

openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]

We need to enter the import password which we created newly in step 1. Now we have a certificate(.crt) and the two private keys ( encrypted and unencrypted).

techrunnr@ubuntu:~/Downloads/SSL-certificate$ openssl rsa -in samplefileencrypted.key -out samplefileunencrypted.key
Enter pass phrase for samplefileencrypted.key:
writing RSA key
techrunnr@ubuntu:~/Downloads/SSL-certificate$ ls
DigiCertCA2.cer  samplefileencrypted.key  samplefile.pfx TrustedRoot.cer samplefileunencrypted.key

 

© 2019, Techrunnr. All rights reserved.

#1
#2
#3
Questions Answered
Articles Written
Overall Points
Categories: LinuxopensourceSecurity
Tags:

0 Comments

Leave a Reply

Related Posts

robo-3t
Linux

Install RoboMongo (Robo 3T) on Ubuntu 18.04

Share this on WhatsApp Robo3T formerly known as RobMongo is one of best GUI tools for the managing and querying MongoDB database. Follow below steps to install Robo 3T using terminal Step 1: Goto https://robomongo.org/download Read more…

aws-s3-cli
AWS

AWS S3 CLI Basic Commands with Examples to Manage Buckets and Objects

Share this on WhatsApp In this article, we will see the basic aws s3 CLI commands used to manage buckets and objects. Before that, kindly install aws CLI commands in your system, you can refer Read more…

database

dockerisation of monogdb replica and HA

Share this on WhatsApp Hi Techrunnr, this document is related dockerising mongodb with replication setup and HA HA (High availability) refers to improvement of system and app availability by minimising the down time for usual Read more…

Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.
I agree to Terms of Service and Privacy Policy
SIGN UP FOR NEWSLETTER NOW