What is a PFX Certificate

PKCS #12 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It defines a file format commonly used to store X.509 private keys with accompanying public key certificates, protected with a password-based symmetric key PFX Certificate?

In practice .pfx is just another file extension for a PKCS#12 or .p12 type certificate.

Convert PFX to PEM

This command will convert a pfx certificate to a X509 pem encoded certificate. The use of the -nodes flag will give the option to password protect the private key in the new pem encoded certificate. For information on converting pem to der encoded certificates.

Export ALL: Public Certificates, Private Keys, and CA Chain as single certificate

Encrypt private key with a password

openssl pkcs12 -in <em>Certificate.pfx</em> -out <em>NewCertificate.pem</em>

1	openssl pkcs12 -in <em>Certificate.pfx</em> -out <em>NewCertificate.pem</em>

Do not encrypt private key

openssl pkcs12 -in <em>Certificate.pfx</em> -out <em>NewCertificate.pem</em> -nodes

1	openssl pkcs12 -in <em>Certificate.pfx</em> -out <em>NewCertificate.pem</em> -nodes

Export Public Certificate from pfx

openssl pkcs12 -in <em>Certificate.pfx</em> -out <em>NewCertificate.pem</em> -nokeys -clcerts

1	openssl pkcs12 -in <em>Certificate.pfx</em> -out <em>NewCertificate.pem</em> -nokeys -clcerts

Export Private Key from pfx

openssl pkcs12 -in <em>certificate.pfx</em> -out <em>certificate.key</em> -nocerts -nodes

1	openssl pkcs12 -in <em>certificate.pfx</em> -out <em>certificate.key</em> -nocerts -nodes

Export Certificate Authority (CA) Chain from pfx

openssl pkcs12 -in <em>certificate.pfx</em> -out <em>ca-chain.pem</em> -nokeys -cacerts<br /><br />

1	openssl pkcs12 -in <em>certificate.pfx</em> -out <em>ca-chain.pem</em> -nokeys -cacerts<br /><br />

Convert PFX to JKS ( Java Keystore )

If you do have Keytool application and your PKCS#12 file, launch the one-line command:

1	If you do have Keytool application and your PKCS#12 file, launch the one-line command:

keytool -importkeystore -srckeystore <em>source.p12</em> -srcstoretype pkcs12<br /> -srcalias <em>Alias</em> -destkeystore <em>target.jks </em>-deststoretype jks <br /> -deststorepass <em>password</em> -destalias <em>Alias</em>

1	keytool -importkeystore -srckeystore <em>source.p12</em> -srcstoretype pkcs12<br /> -srcalias <em>Alias</em> -destkeystore <em>target.jks </em>-deststoretype jks <br /> -deststorepass <em>password</em> -destalias <em>Alias</em>

One thought on “PFX (p12) Certificate Conversion”

Sonny says:
Thanks for putting this together, you saved me hours of work. I need to script extraction of private keys from 1000s of files, this helps greatly and doing it manually would have been a deal breaker.

June 7, 2013 at 5:58 PM

Personal, Public Key Infrastructure ( PKI ), Tech

PFX (p12) Certificate Conversion

What is a PFX Certificate

Convert PFX to PEM

Export ALL: Public Certificates, Private Keys, and CA Chain as single certificate

Encrypt private key with a password

Do not encrypt private key

Export Public Certificate from pfx

Export Private Key from pfx

Export Certificate Authority (CA) Chain from pfx

Convert PFX to JKS ( Java Keystore )

admin

One thought on “PFX (p12) Certificate Conversion”

Leave a Reply Cancel reply

What is a PFX Certificate

Convert PFX to PEM

Export ALL: Public Certificates, Private Keys, and CA Chain as single certificate

Encrypt private key with a password

Do not encrypt private key

Export Public Certificate from pfx

Export Private Key from pfx

Export Certificate Authority (CA) Chain from pfx

Convert PFX to JKS ( Java Keystore )

admin

One thought on “PFX (p12) Certificate Conversion”

Leave a Reply Cancel reply

Login

Register