Extract .crt and .key files from .pfx file
Start OpenSSL from the OpenSSL\bin folder.
Open the command prompt and go to the folder that contains your .pfx file.
Run the following command to extract the private key:
openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key]
You will be prompted to type the import password. Type the password that you used to protect your keypair when you created the .pfx file.
You will be prompted again to provide a new password to protect the .key file that you are creating. Store the password to your key file in a secure place to avoid misuse.
Run the following command to extract the certificate:
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt]
Run the following command to decrypt the private key:
openssl rsa -in [drlive.key] -out [drlive-decrypted.key]
Type the password that you created to protect the private key file in the previous step.
The .crt file and the decrypted and encrypted .key files are available in the path, where you started OpenSSL.
Merge certificate and private key
OpenSSL.exe pkcs12 –export –in certfile.cer –inkey certfile.key –out certfile.pfx
Ange det tillfälliga lösenord du vill använda för att skydda PFX-filen
Importera PFX-filen lokalt på den dator där den genererades, välj att private key ska kunna exporteras och exportera sedan på nytt med det lösenord du vill ska skydda och att private key ska ingå.
Gör man inte detta kan det vara svårt importera PFX-filen på en annan dator.
Extract Private Key from PFX
The following command will extract the private key from the .pfx file. A new file private-key.pem will be created in current directory.
This command required a password set on the pfx file.
openssl pkcs12 -in myfile.pfx -nocerts -out private-key.pem -nodes
Enter Import Password:
Open the result file (private-key.pem) and copy text between and encluding —–BEGIN PRIVATE KEY—– and —–END CERTIFICATE—– text.
Extract Certificate from PFX
Then extract the certificate file. The following command will extract the certificate from the .pfx file.
You can find the certificate in file named certificate.pem.
openssl pkcs12 -in myfile.pfx -nokeys -out certificate.pem
Enter Import Password:
Open the result file (certificate.pem) and copy text between and encluding —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– text.
This file may also include the other certificate chain. The first block will be your domain certificate and others will be the chain.
You can copy all the certificates in one file and use it.