Sometimes you have to deliver or you even get your server certificate files in the pfx file format (personal information exchange, see https://msdn.microsoft.com/en-us/library/windows/hardware/ff549703(v=vs.85).aspx), that is commonly used in Windows based environments.
The following paragraphs show, how to export or extract a certificate to or from PFX.
Export cert to PFX
In order to export the Certificate, Private Key and any intermediate certificate as a pfx file use the command below:
Login as root into your Linux server.
$> openssl pkcs12 -export -in ask-sheldon.cert -inkey ask-sheldon.key [-certfile ask-sheldon.csr] -out ask-sheldon.pfx Enter Export Password : TopSecret (ex : ask-sheldon1234 :-D)
The command above will build a my.pfx file from my.cert and my.key.
Remember to change the names to match your file names.
Extract cert from PFX
To re-extract the original key- and cert-file, you can use the openssl command too:
$> openssl pkcs12 -in ask-sheldon.pfx -clcerts -nokeys -out ask-sheldon.cer $> openssl pkcs12 -in ask-sheldon.pfx -nocerts -nodes -out ask-sheldon.key