This guide will show you how to convert a .pfx certificate file into its separate public certificate and private key files. This can be useful if you want to export a certificate (in the pfx format) from a Windows server, and load it into Apache or Nginx for example, which requires a separate public certificate and private key file.
In the examples below, the following files will be used:
domain.name.pfx – This will be the PFX file containing the public certificate and private key.
domain.name.crt – This is the public certificate file outputted by OpenSSL.
domain.name.key – This is the private encryption key for the above certificate outputted by OpenSSL.
Extracting the public certificate from the pfx file
$ openssl pkcs12 -in domain.name.pfx -clcerts -nokeys -out domain.name.crt
Enter in the password for the PFX file when asked. You cant export the certificate or key if you don’t have this password.
You will now have the public certificate file (eg: domain.name.crt).
Extracting the private key from the pfx file
$ openssl pkcs12 -in domain.name.pfx -nocerts -nodes -out domain.name.key
Enter in the password for the PFX file when asked. You cant export the certificate or key if you don’t have this password.
You will now have the private key file (eg: domain.name.key).