What is a PFX Certificate
PKCS #12 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It defines a file format commonly used to store X.509 private keys with accompanying public key certificates, protected with a password-based symmetric key PFX Certificate?
In practice .pfx is just another file extension for a PKCS#12 or .p12 type certificate.
Convert PFX to PEM
This command will convert a pfx certificate to a X509 pem encoded certificate. The use of the -nodes flag will give the option to password protect the private key in the new pem encoded certificate. For information on converting pem to der encoded certificates.
Export ALL: Public Certificates, Private Keys, and CA Chain as single certificate
Encrypt private key with a password
openssl pkcs12 -in Certificate.pfx -out NewCertificate.pem
Do not encrypt private key
openssl pkcs12 -in Certificate.pfx -out NewCertificate.pem -nodes
Export Public Certificate from pfx
openssl pkcs12 -in Certificate.pfx -out NewCertificate.pem -nokeys -clcerts
Export Private Key from pfx
openssl pkcs12 -in certificate.pfx -out certificate.key -nocerts -nodes
Export Certificate Authority (CA) Chain from pfx
openssl pkcs12 -in certificate.pfx -out ca-chain.pem -nokeys -cacerts
Convert PFX to JKS ( Java Keystore )
If you do have Keytool application and your PKCS#12 file, launch the one-line command:
keytool -importkeystore -srckeystore source.p12 -srcstoretype pkcs12
-srcalias Alias -destkeystore target.jks -deststoretype jks
-deststorepass password -destalias Alias
One thought on “PFX (p12) Certificate Conversion”
Thanks for putting this together, you saved me hours of work. I need to script extraction of private keys from 1000s of files, this helps greatly and doing it manually would have been a deal breaker.