Wednesday, February 29, 2012

From PFX to PEM

If you ever find yourself in the situation when you need to extract the certificate and the private key from the PFX file you might be somewhat disoriented at first, especially if your experience is limited to Windows systems. Do not despair, it is very easy to do.  

One possible scenario - you have requested and processed the original certificate using IIS, then exported certificate with the private key, either to be stored in the safe place as a backup or to be imported into other servers or devices (typical in case of say wildcard certificates). Then, when you try to import it into a Linux/Apache based appliance, you find out that it requires a slightly different format (a certificate file and a private key file):

First, you would need to get a hold of an OpenSSL toolkit, visit OpenSSL Project website or download Windows installer hereOnce you have installed OpenSSL and have your PFX file handy, you can run the following commands to extract the private key and the certificate into two separate files:

openssl.exe pkcs12 -in XYZ.pfx -nocerts -out XYZprivateKey.pem
openssl.exe pkcs12 -in XYZ.pfx -clcerts -nokeys -out XYZpublicCert.cer

That's it. You can now import them.

No comments:

Post a Comment