How to extract a PFX

Posted 3 years ago

If you use PFX files instead of pem, key or crt files, you will have a lot of issues trying to use it with a lot of linux software. The best option is to extract the files out of the pfx so you can use the individual files with whatever software you wish.

Note: You will need OpenSSL installed to do this, if you are on windows, you can download it here: http://slproweb.com/products/Win32OpenSSL.html.

Extract the private key from the PFX

openssl pkcs12 -in {site}.pfx  -nocerts -nodes -passin pass:{password} | openssl rsa -out {site}.key

Extract the public key from the PFX

openssl pkcs12 –in {site}.pfx -clcerts -nokeys -passin pass:{password} | openssl x509 -out {site}.cer

Extract the chain bundle from the PFX

openssl pkcs12 -in {site}.pfx -nodes -nokeys -cacerts -passin pass:{password} | openssl x509 -chain -out bundle.crt

You now have 3 files instead of a single PFX file.

  • {site}.cer - This is your actual certificate
  • {site}.key - This is your private private key
  • bundle.crt - This is your certificate chain file
Tags: pfx crt cer key certificate openssl