A .PFX (Personal Information Exchange) file stores a certificate together with its private and public keys. For example, to transfer an SSL certificate from one Windows server to another, you can export it as a .pfx file using the IIS SSL export wizard or the MMC console.
Sometimes we need to extract the private key and the certificates from a .pfx file, but they cannot be read from it directly. This article shows how to do that. It is also useful when migrating an SSL certificate to AWS ELB, because ELB requires the private key and the certificates separately.
To use the commands below, you must have OpenSSL installed on your Windows or Linux system.
Extract Private Key from PFX
The following command extracts the private key from the .pfx file. A new file, private-key.pem, is created in the current directory. The command asks for the password that was set on the .pfx file. Because of the -nodes option, the key is written to private-key.pem unencrypted.
openssl pkcs12 -in myfile.pfx -nocerts -out private-key.pem -nodes
Enter Import Password:
Open the resulting file (private-key.pem) and copy the text between, and including, the -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- lines.
Extract Certificate from PFX
Then extract the certificate. The following command extracts the certificate from the .pfx file and writes it to a file named certificate.pem.
openssl pkcs12 -in myfile.pfx -nokeys -out certificate.pem
Enter Import Password:
Open the resulting file (certificate.pem) and copy the text between, and including, the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines. This file may also contain the rest of the certificate chain. The first block will be your domain certificate and the others will be the chain. You can copy all the certificates into one file and use it.
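The manual copy steps above can be scripted. The following is an added example, not part of the original article: it runs the two commands, keeps only the PEM blocks, separates the first certificate from the chain, and checks that the key really belongs to that first certificate. The function names, the chain.pem and *.raw file names, and the optional PFX_PASS environment variable are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. Function names and PFX_PASS are assumptions of this sketch;
# private-key.pem and certificate.pem are the file names used in the article.

# Copy only the PEM blocks of $1, dropping the "Bag Attributes" text that
# openssl pkcs12 writes around them: first block -> $2, later blocks -> $3.
split_pem() {
    : > "$2"; : > "$3"
    awk -v first="$2" -v rest="$3" '
        /^-----BEGIN / { n++; inside = 1 }
        inside         { print > (n == 1 ? first : rest) }
        /^-----END /   { inside = 0 }
    ' "$1"
}

# Succeed only if the private key $1 and certificate $2 carry the same
# public key. Each openssl call is checked so a read failure cannot "match".
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Run the article's two commands on $1, then leave private-key.pem,
# certificate.pem (first block) and chain.pem (the rest) in the current dir.
# The article assumes block 1 is the domain certificate; the last step
# verifies that assumption against the extracted key.
pfx_to_pem() (
    umask 077   # -nodes leaves the key unencrypted: make files owner-only
    pass=${PFX_PASS:+-passin env:PFX_PASS}   # unset -> openssl prompts
    openssl pkcs12 -in "$1" -nocerts -nodes -out key.raw $pass &&
    openssl pkcs12 -in "$1" -nokeys -out certs.raw $pass &&
    split_pem key.raw private-key.pem /dev/null &&
    split_pem certs.raw certificate.pem chain.pem &&
    rm -f key.raw certs.raw &&
    key_matches_cert private-key.pem certificate.pem
)

if [ "$#" -gt 0 ]; then
    pfx_to_pem "$1" || { echo "key/certificate mismatch or read error" >&2; exit 1; }
fi
```

Run it as `sh script.sh myfile.pfx`; a non-zero exit means the first certificate in the file does not match the extracted key, so the blocks need to be reordered by hand.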