Extracting Public and Private Certificates from a PFX

PFX files allow certificates to be transported between systems; however, many services require separate files for the public certificate and the private key.

Using OpenSSL, we can extract the private key and the certificate into independent files, which is required for most networking devices and Linux services.

You will need to install the OpenSSL package on either your Windows or Linux system (I have covered how to update the current version on Linux here).

Export the private key from the PFX file

We begin by passing in the PFX and requesting that the private key be placed into its own file. This process requires the password that protects the PFX file, and also a new password to protect the new private key file (this is not optional).

openssl pkcs12 -in filename.pfx -nocerts -out PrivateKeyWithPassword.pem

Enter Import Password: [Input the export password of the PFX File]
MAC verified OK
Enter PEM pass phrase: [Min 5 Char New Temp Password]

Remove the passphrase from the private key

The previous step created a new password-protected file, which we called PrivateKeyWithPassword.pem, that contains only the certificate's private key. In many cases we need to use this key without the password protection, so the following step generates a new, unencrypted private key file, Private.key. Anyone who can read this file can use the key, so restrict its file permissions to the account of the service that needs it.

openssl rsa -in PrivateKeyWithPassword.pem -out Private.key
Enter pass phrase for c:\temp\SSL\key.pem: [Min 5 Char New Temp Password]
writing RSA key

Export the certificate from the PFX file

The final requirement in this typical configuration is to export the certificate as an independent file from the PFX without the private key.

Similar to the previous steps, we provide the name of the PFX and the name of the new certificate file, for example cert.pem. Again, as the PFX contains the private key, you need to provide the export password to allow this process to complete.

openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
Enter Import Password: [Input the export password of the PFX File]
MAC verified OK

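Note: if your PFX contains all the certificates in the chain, you can also export all of these to the certificate file, cert.pem, using the following command syntax. Be aware that this command has no -nokeys option, so the private key is written into cert.pem as well, and -nodes leaves that key unencrypted. Add -nokeys if the file should hold only certificates.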

openssl.exe pkcs12 -in filename.pfx -out cert.pem -nodes
Enter Import Password: [Input the export password of the PFX File]
MAC verified OK
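
The following script is an added example, not part of the original post: it runs the three extraction commands above without prompts and then confirms that Private.key really belongs to cert.pem by comparing public keys. The function names and the PFX_PASS variable are illustrative assumptions; the file names are the ones used in this article.

```shell
#!/bin/sh
# Added example. Function names and PFX_PASS are illustrative, not from the post.

# Split a PFX with the three commands from this page, without prompts.
# The password is handed to openssl through the environment (env:PFX_PASS)
# instead of an openssl command-line argument, which would be visible in `ps`.
split_pfx() {  # usage: split_pfx FILE.pfx PASSWORD OUTDIR
    pfx=$1; PFX_PASS=$2; out=$3
    export PFX_PASS
    old_umask=$(umask)
    umask 077  # new key files are readable by the owner only
    openssl pkcs12 -in "$pfx" -nocerts -passin env:PFX_PASS \
        -passout env:PFX_PASS -out "$out/PrivateKeyWithPassword.pem" &&
    openssl rsa -in "$out/PrivateKeyWithPassword.pem" -passin env:PFX_PASS \
        -out "$out/Private.key" &&
    openssl pkcs12 -in "$pfx" -clcerts -nokeys -passin env:PFX_PASS \
        -out "$out/cert.pem"
    rc=$?
    umask "$old_umask"
    unset PFX_PASS
    return "$rc"
}

# SHA-256 of the public key derived from an unencrypted private key file.
key_pub_digest() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key embedded in a certificate file.
cert_pub_digest() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only if both files parse and carry the same public key.
# A file that cannot be read counts as a mismatch, never as a match.
key_matches_cert() {  # usage: key_matches_cert Private.key cert.pem
    kd=$(key_pub_digest "$1") || return 1
    cd_=$(cert_pub_digest "$2") || return 1
    [ -n "$kd" ] && [ "$kd" = "$cd_" ]
}
```

Run key_matches_cert before deploying the pair; a service given a key that does not match its certificate will fail TLS handshakes or refuse to start.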

01. About Author

Damian Flynn

© / 2020 / All rights reserved.