In this post, we’ll explore how to extract the private key and certificate from a PFX file using OpenSSL.

Extracting Key and Certificate

To extract the key and certificate from a PFX file, you can use OpenSSL commands. Below are the commands:

Extracting the Private Key

openssl pkcs12 -in yourfile.pfx -nocerts -out key.pem -nodes -password pass:yourpassword

If the PFX file has no password, you can omit the `-password pass:yourpassword` part from the command.

Extracting the Certificate

openssl pkcs12 -in yourfile.pfx -clcerts -nokeys -out cert.pem -password pass:yourpassword

Again, if the PFX file has no password, you can omit the `-password pass:yourpassword` part from the command.

Checking PEM File Validity

After extracting the key and certificate, you may want to ensure that the PEM files (`key.pem` and `cert.pem`) are valid. You can do this using OpenSSL commands:

Checking the Private Key Validity

openssl rsa -in key.pem -check

Checking the Certificate Validity

openssl x509 -in cert.pem -text -noout

If both commands run without errors or warnings, it indicates that your PEM files are valid. If there are any issues, OpenSSL will typically provide error messages indicating the problem.

Conclusion

By following these steps, you can easily extract the key and certificate from a PFX file and ensure their validity using OpenSSL. Remember to handle password-protected PFX files appropriately for security.