Extract certificate and key from .pfx file
Published on
Extract the certificate from the .pfx file:
openssl pkcs12 -in <DOT_PFX_FILE> -clcerts -nokeys -chain -out certificate.crt
Extract the private key in .pem format without encryption from the .pfx file:
openssl pkcs12 -in <DOT_PFX_FILE> -nocerts -nodes -out private_key.pem
Convert the .pem into RSA key format:
openssl rsa -in private_key.pem -out id_rsa
If you are using OpenSSL 3 it will default it’s output to be in PKCS8 format, that contains encapsulation boundaries like this:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
If you need your key to be in PKCS1 AKA traditional format use the -traditional flag like this:
openssl rsa -in private_key.pem -traditional -out id_rsa
This will give you the key with the following encapsulation boundaries:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
This work is licensed under a Creative Commons Attribuition-ShareAlike 4.0 International License .