in Security

Export certificate and private key from a pfx file

When moving certificates from Windows servers to Linux you may need to export the private key and certificate from a pfx file. This is how it’s done:

1. Export the private key

openssl pkcs12 -in cert.pfx -nocerts -out cert.key.wpass

Replace cert.pfx with the certificate exported from Windows. The private key will be exported to cert.key.wpass including a password that you need to selecting in this step

2. Remove the password from the private key (optional but may be required when the key is used with Apache or other background services)

openssl rsa -in cert.key.wpass -out cert.key

Here you need to type the password selected in step 1

3. Export the certificate

openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.cer

Now you have the certificate and key in cert.key and cert.cer which can be used with any service