Export or extract a certificate to or from PFX

Sometimes you have to deliver or you even get your server certificate files in the pfx file format (personal information exchange, see https://msdn.microsoft.com/en-us/library/windows/hardware/ff549703(v=vs.85).aspx), that is commonly used in Windows based environments.

The following paragraphs show, how to export or extract a certificate to or from PFX.

Export cert to PFX

In order to export the Certificate, Private Key and any intermediate certificate as a pfx file use the command below:

Login as root into your Linux server.

$> openssl pkcs12 -export -in ask-sheldon.cert -inkey ask-sheldon.key [-certfile ask-sheldon.csr] -out ask-sheldon.pfx
Enter Export Password : TopSecret (ex : ask-sheldon1234 :-D)

The command above will build a my.pfx file from my.cert and my.key.

Remember to change the names to match your file names.

Extract cert from PFX

To re-extract the original key- and cert-file, you can use the openssl command too:

$> openssl pkcs12 -in ask-sheldon.pfx -clcerts -nokeys -out ask-sheldon.cer
$> openssl pkcs12 -in ask-sheldon.pfx -nocerts -nodes  -out ask-sheldon.key


Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.