What is a PFX Certificate
PKCS #12 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It defines a file format commonly used to store X.509 private keys with accompanying public key certificates, protected with a password-based symmetric key PFX Certificate?
In practice .pfx is just another file extension for a PKCS#12 or .p12 type certificate.
Convert PFX to PEM
This command will convert a pfx certificate to a X509 pem encoded certificate. The use of the -nodes flag will give the option to password protect the private key in the new pem encoded certificate. For information on converting pem to der encoded certificates.
Export ALL: Public Certificates, Private Keys, and CA Chain as single certificate
Encrypt private key with a password
1 |
openssl pkcs12 -in <em>Certificate.pfx</em> -out <em>NewCertificate.pem</em> |
Do not encrypt private key
1 |
openssl pkcs12 -in <em>Certificate.pfx</em> -out <em>NewCertificate.pem</em> -nodes |
Export Public Certificate from pfx
1 |
openssl pkcs12 -in <em>Certificate.pfx</em> -out <em>NewCertificate.pem</em> -nokeys -clcerts |
Export Private Key from pfx
1 |
openssl pkcs12 -in <em>certificate.pfx</em> -out <em>certificate.key</em> -nocerts -nodes |
Export Certificate Authority (CA) Chain from pfx
1 |
openssl pkcs12 -in <em>certificate.pfx</em> -out <em>ca-chain.pem</em> -nokeys -cacerts<br /><br /> |
Convert PFX to JKS ( Java Keystore )
1 |
If you do have Keytool application and your PKCS#12 file, launch the one-line command: |
1 |
keytool -importkeystore -srckeystore <em>source.p12</em> -srcstoretype pkcs12<br /> -srcalias <em>Alias</em> -destkeystore <em>target.jks </em>-deststoretype jks <br /> -deststorepass <em>password</em> -destalias <em>Alias</em> |
Thanks for putting this together, you saved me hours of work. I need to script extraction of private keys from 1000s of files, this helps greatly and doing it manually would have been a deal breaker.